On July 15, 2024, Rite Aid Corporation suffered a data breach affecting 2.2 million individuals. The healthcare provider sent out a notice of data breach to the affected individuals informing them that some personal information may have been exposed. An investigation of the incident revealed that on June 6, hh2024, an unauthorized access to their system by an individual impersonating an employee. The incident was detected within 12 hours, resulting to immediate termination of the unauthorized access and rehabilitating the affected systems. By June 17, 2024, it was determined that the third party had acquired specific data related to the purchase or attempted purchase of certain retail products. This data, which included purchaser name, address, date of birth, and government-issued ID, pertained to purchases made between June 6, 2017, and July 30, 2018. Importantly, no Social Security numbers, financial information, or patient information was impacted by the incident. The official statement from the company regarding the identity of the threat actors has not been disclosed, however, RansomHub ransomware group said on its dark web leak site, “While having access to the Rite-Aid network, we obtained over 10GB of customer information equating to around 45 million lines of people’s personal information. This information includes name, address, dl_id number, DoB, Rite Aid rewards number.”

Rite Aid Corporation, an American drugstore chain, offering a wide range of solutions, including retail and delivery pharmacy services. Headquartered in Camp Hill, Pennsylvania, the company has evolved to become the third-largest drugstore chain in the United States with over 2,000 stores. Founded by Alex Grass in 1962, under the name Thrift D Discount Center, the company changed its name to Rite Aid Corporation in 1968. Rite Aid also owns wholly owned subsidiaries such as Bartell Drugs and Health Dialog.

RansomHub, a ransomware group, that operates as a Ransomware-as-a-Service (RaaS), that emerged as a rebranded version of the previously known Knight ransomware. Surfacing prominently in early 2024 in underground cyber-crime forums, RansomHub has quickly gained notoriety for its aggressive campaigns targeting various systems including Windows, macOS, Linux, and particularly VMware ESXi environments. This malware is known for employing sophisticated encryption methods.

Andrew Palmer, Chief Privacy Officer of Rite Aid, said in their notice, “We regret that this incident occurred and reported it to law enforcement, as well as federal and state regulators. We are also implementing additional security measures to prevent potentially similar attacks in the future. We take our obligation to safeguard personal information very seriously and are alerting you about this issue in case you would like to take any additional steps to help protect yourself.” He further stated, “To help relieve concerns and restore confidence following this incident, we have secured the services of Kroll to provide identity monitoring at no cost to you. Kroll is a global leader in risk mitigation and response, and their team has extensive experience helping people who have sustained an unintentional exposure of confidential data. Your identity monitoring services include Credit Monitoring, Fraud Consultation, and Identity Theft Restoration.”

#CyTech #CyberNews #CyberSecurity #CISO #CISOWorkplace #DataBreach #Ransomware #RiteAid