Rite Aid discloses security incident after cyberattack
Rite Aid, an American pharmacy chain, confirms in a statement that it suffered from “a limited cybersecurity incident” in June and is currently in the process of finalizing their investigation.
“Together with our third-party cybersecurity partner experts, we have restored our systems and are fully operational. We are sending notices to impacted consumers,” a spokesperson says.
He added that no social security numbers, financial information or patient information was stolen by the attack.
“We take our obligation to safeguard personal information very seriously, and this incident has been a top priority. We appreciate your patience until we can provide additional information,” the statement sent to numerous news outlets continues.
The cyberattack on Rite Aid came to light when ransomware operation RansomHub posted a message on their dark web page last Friday. They claimed to have stolen 10 GB of confidential data from the company, including names, addresses, dates of birth, driver’s license numbers and Rite Aid rewards numbers.
RansomHub points out that at one point the ransomware operation was negotiating with Rite Aid. After a while the negotiating talks stopped and the hacking group shared a screenshot of the allegedly stolen data on their leak site on the dark web.
The threat actor threatens to publish everything by Monday July 22 if the ransom demands aren’t met.
With more than 1,700 stores across 16 states and over 50,000 employees, Rite Aid is one of the largest drugstore chains in the United States. It reported 5.7 billion dollars in revenue last quarter, but filed for bankruptcy in October 2023 due to federal lawsuits surrounding the company.
According to Recorded Future News, Rite Aid filed breach notifications in 2015, 2017 and 2018.
RansomHub is a new player on the cybercrime scene, having its first victim posting in February 2024. Recent breaches of the ransomware operation include laptop maker Clevo, Christie’s auction house and high-speed internet provider Frontier.
Your email address will not be published. Required fields are marked