Rite Aid reveals data breach impacted 2.2 million customers
Free identity theft monitoring services offered by Rite Aid
The recent ransomware attack on Rite Aid affected 2.2 million people overall, the company has confirmed in a filing with the Office of the Maine Attorney General.
The company also provided a copy of the breach notification letter it is sending out to those affected, in which it noted the breach occurred on June 6, and was spotted 12 hours later.
In that time, the threat actors managed to grab “certain data associated with the purchase or attempted purchase of specific retail products,” including “purchaser name, address, date of birth and driver’s license number or other form of government-issued ID presented at the time of a purchase between June 6, 2017, and July 30, 2018.”
Sensitive data stolen
Following the breach, Rite Aid initially issued a statement, saying it suffered a ransomware attack which resulted in data theft, but did not say how many people were affected by the incident, nor what type of information the attackers stole.
"Rite Aid experienced a limited cybersecurity incident in June, and we are finalizing our investigation,” it said at the time. “We take our obligation to safeguard personal information very seriously, and this incident has been a top priority." "Together with our third-party cybersecurity partner experts, we have restored our systems and are fully operational.”
Now, the filing with the regulators confirmed more than two million affected individuals, including more than 30,000 Maine residents. Rite Aid also confirmed that the attackers did not steal Social Security Numbers (SSN), financial information, or patient information.
The company said it is currently implementing “additional security measures” to make sure these attacks don’t repeat in the future, without explaining what those measures are. Additionally, the affected individuals are getting free credit monitoring, fraud consultation, and identity theft restoration services through Kroll.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Via BleepingComputer
More from TechRadar Pro
- US government warns of possible security issue with popular geospatial data platform
- Here's a list of the best firewalls today
- These are the best endpoint protection tools right now
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.