Rite Aid Data Breach Exposes 45M Records By RansomHub
The RansomHub ransomware group announced on Tor Leak their unauthorized access to Rite Aid's network, highlighting the capture of sensitive customer details.
Ashish Khaitan July 14, 2024
Share on LinkedInShare on Twitter
Rite Aid Corporation, a prominent American drugstore chain headquartered in Philadelphia, has fallen victim to a data breach following a cyberattack operation by the RansomHub ransomware group. This Rite Aid data breach disclosed recently, has compromised a vast amount of sensitive customer information, including names, addresses, DL ID numbers, dates of birth, and Rite Aid rewards numbers. The cybercriminals behind the Rite Aid cyberattack have claimed to have exfiltrated approximately 10 GB of data, amounting to around 45 million lines of personal information.
Rite Aid, known for its extensive network of over 2,000 stores across the United States, ranks No. 148 in the Fortune 500 as of 2022. The cyberattack on Rite Aid, reportedly initiated in June, highlights the vulnerability of large corporations to sophisticated cyber threats despite cybersecurity measures.
Decoding the Rite Aid Data Breach by RansomHub Ransomware Group
Source: Dark Web
In an announcement on the Tor Leak site, the RansomHub ransomware group detailed their unauthorized access to Rite Aid’s network, emphasizing their capture of sensitive customer details. They have also set a ransom deadline of July 26, 2024, threatening to release the stolen data if their demands are not met.
The Cyber Express has reached out to the organization to learn more about this Rite Aid data breach. However, at the time of writing this, no official statement or response has been received. However, the company previously acknowledged a “limited cybersecurity incident” in June and assured stakeholders that investigations are nearing completion. Rite Aid has emphasized its commitment to customer data security, noting that the incident has been a top priority.
Fortunately, Rite Aid has clarified that the breach does not compromise the social security numbers, health records, or financial information of its customers. Nonetheless, the exposure of personal details remains a significant concern for affected individuals.
Previous Cybersecurity Instances
This is not the first time Rite Aid has faced cybersecurity challenges. In May 2023, the company was one of several organizations targeted in the MOVEit hacking campaign orchestrated by the Cl0p ransomware gang. During that incident, over 24,000 customers’ personally identifiable information, including insurance and prescription details, was compromised.
As the investigation into the latest breach continues, Rite Aid is working closely with cybersecurity experts to restore systems and ensure operational stability. The company has also begun notifying impacted customers about the incident and recommended precautions to safeguard against potential misuse of their personal information.
In response to the escalating cyber threats, Rite Aid and other affected organizations are stepping up their cybersecurity measures to prevent future breaches and protect consumer data from malicious actors. The incident serves as a stark reminder of the persistent challenges posed by cyber threats in the digital domain.