July 16, 2024 at 10:58AM
Rite Aid, the third-largest US drugstore chain, suffered a data breach affecting 2.2 million customers’ personal information. The breach, detected on June 6, involved purchase-related data such as names, addresses, and driver’s license numbers, but not Social Security, financial, or health information. The ransomware gang RansomHub claimed responsibility and threatened to leak the stolen data.
From the meeting notes:
– Rite Aid, the third-largest drugstore chain in the U.S., experienced a data security incident last month, resulting in the theft of personal information belonging to 2.2 million customers.
– The breach was detected on June 6th, with the attackers exploiting an employee’s credentials to access the network.
– The stolen data included purchaser names, addresses, dates of birth, and driver’s license numbers or other government-issued IDs used between June 6, 2017, and July 30, 2018. Notably, no social security numbers, financial information, or health information were exposed.
– The RansomHub ransomware gang claimed responsibility for the breach and stated they obtained over 10GB of customer information, which they threatened to leak.
– Rite Aid has not provided more details about the incident and has yet to respond to requests for additional information.
– RansomHub is known for extorting victims and auctioning stolen files if negotiations fail. They have also claimed responsibility for breaching other companies, including U.S. telecom provider Frontier Communications.
These are the key takeaways from the meeting notes.