Can We Not Go One Day Without A Major Breach Announcement?
Customers of Rite Aid are once again at risk, as the huge US drug store chain announces yet another security breach involving millions of customers. The chain has been in the news several times, for all the wrong reasons. They have reported breaches in 2015, 2017, 2018 and back in 2023 which involved the theft of personal customer data such as names, dates of birth, addresses, prescription data, and insurance data. Those previous breaches pale in comparison to the sheer size of this latest one however.
The name, address, date of birth, and details of the government ID used to purchase prescriptions of ~2.2 million customers have been stolen and if they aren’t already available on the web, they will be soon. In June, a member of RansomHub managed to successfully impersonate a Rite Aid employee and downloaded the purchase data of customers spanning transactions from June 6, 2017 to July 30, 2018.
To make things even more frustrating for those who may have had their data stolen, Rite Aid is currently filing for bankruptcy, likely to avoid not only the lawsuits from previous and current breaches, but also legal actions against them due to involvement in the opioid crisis. Ars Technica reports that talks between Rite Aid and RansomHub have broken down, possibly because the pharmacy simply doesn’t have the money available to even consider paying ransom.
Rite Aid Customers Personal Data Stolen By RansomHub
