Rite Aid data breach affects millions
Data stolen from Rite Aid includes names, addresses, dates of birth, and government IDs.
Rite Aid, one of the largest drugstore chains in the US, has reported a significant data breach affecting over two million customers. Attackers gained access by impersonating a Rite Aid employee, compromising the company’s systems in early June 2024. Despite detecting the breach within 12 hours, sensitive customer data was stolen, including names, addresses, dates of birth, and government IDs. The company confirmed no Social Security numbers or financial details were accessed.
In response, Rite Aid has contacted affected individuals and reported the incident to law enforcement and regulatory bodies. The breach notification letter emphasises that additional security measures are being implemented to prevent future incidents. The breach affected customers who purchased between 6 June 2017 and 30 July 2018.
The RansomHub ransomware group has claimed responsibility for the breach, stating they stole 10GB of sensitive data from Rite Aid’s networks. The group posted the stolen data on their dark web blog, showcasing their latest victims. Rite Aid acknowledged the breach as a “limited cybersecurity incident” and is finalising its investigation.
Rite Aid, headquartered in Philadelphia, operates over 2,300 locations across the US and serves 1.6 million customers daily. The company reported revenues exceeding $24 billion in 2023 and employs around 51,000 people. The breach has raised significant concerns about data security within the retail industry.
About author
DW Team
The GIP Digital Watch Observatory team, consisting of over 30 digital policy experts from around the world, excels in the fields of research and analysis on digital policy issues. The team is backed by the creative prowess of Creative Lab Diplo and the technical expertise of the Diplo tech team.