Excerpt from BleepingComputer Article, Published on July 17, 2024
Rite Aid, the third-largest drugstore chain in the U.S., reported a data breach that affected 2.2 million customers in June. The breach was detected on June 6, 12 hours after attackers accessed the network using an employee’s credentials. By June 17, Rite Aid confirmed that personal information such as names, addresses, dates of birth, and driver’s license numbers were acquired by an unknown third party. The breach did not expose Social Security numbers, financial information, or health information.
The RansomHub ransomware gang claimed responsibility for the breach, stating they stole over 10 GB of customer data, equating to approximately 45 million lines of personal information. They revealed the breach on their dark web leak site after ransom negotiations with Rite Aid halted. RansomHub focuses on data-theft-based extortion rather than encrypting files, threatening to leak stolen data if demands are not met.
Rite Aid has yet to provide additional details about the breach, despite requests from BleepingComputer. The gang’s announcement included a screenshot of the stolen data as proof, with a warning that all data would be leaked within two weeks.
RansomHub, a relatively new operation, has previously targeted U.S. telecom provider Frontier Communications, stealing the information of 750,000 customers. The gang’s activities have highlighted the importance of robust cybersecurity measures and prompt responses to data breaches.
As the investigation continues, Rite Aid is working to enhance its security protocols to prevent future incidents. The breach underscores the growing threat of ransomware attacks and the need for companies to remain vigilant in protecting customer data. The incident serves as a reminder for all businesses to regularly update their security measures and educate employees on best practices to prevent unauthorized access.
To delve deeper into this topic, please read the full article on BleepingComputer
