Rite Aid Confirms Data Breach Following Cyberattack

The American pharmaceutical giant Rite Aid has confirmed a data breach following a cyberattack that occurred in June. The ransomware group RansomHub has claimed responsibility for the company’s compromise.

Rite Aid is the third-largest pharmacy chain in the United States, employing over 6,000 pharmacists and more than 45,000 staff across 1,700 stores in 16 states. On July 12, the company announced it was concluding its investigation into the cyberattack discovered in June and was working on sending data breach notifications to customers whose information had been compromised.

A representative of the pharmacy chain stated, “Rite Aid experienced a limited cybersecurity incident in June, and we are finalizing our investigation. We take our duty to protect personal information very seriously, and this incident has been our top priority.”

Since the breach, the company’s systems have been fully restored and are now operating normally. Notifications to affected customers are also being actively dispatched.

Although Rite Aid has not disclosed which specific customer data was compromised or the number of individuals affected, the company assured that the breach did not involve health or financial information.

The name of the hacking group that attacked the pharmacy chain was not officially released; however, the ransomware gang RansomHub published information about the Rite Aid breach on their leak site.

The attackers stated, “Having access to the Rite Aid network, we obtained over 10 GB of customer information, equivalent to approximately 45 million rows of personal data. This information includes names, addresses, driver’s license numbers, dates of birth, and Rite Aid rewards program numbers.”

After listing Rite Aid on their leak site due to the alleged cessation of ransom negotiations, the ransomware group shared a screenshot of some stolen data as proof, claiming that all information would be leaked online within two weeks.

RansomHub is a relatively new ransomware group that demands ransom from victims in exchange for not disseminating stolen files. If negotiations fail, the stolen data is often auctioned by the hackers. These criminals typically focus on extortion based on data theft rather than file encryption.

Last month, RansomHub claimed responsibility for the April breach of the American telecommunications provider Frontier Communications, forcing the company to shut down systems to contain the leak and stealing information from over two million customers.