Rite Aid Suffers Cybersecurity Breach, Millions of Customers' Data Exposed
Rite Aid announced this week it suffered a cybersecurity breach on June 6 and roughly 2 million customers' information was stolen in the hack, reports Newsweek. The drug store chain said the hacker impersonated a company employee to access customer information from 2017 and 2018. This data included purchaser name, address, date of birth, and driver’s license number or other form of government-issued ID presented at the time of a purchase between June 6, 2017, and July 30, 2018, according to a company press release. Rite Aid confirmed no social security numbers, financial information or patient information was impacted by the incident.
RansomHub, the ransomware gang claiming responsibility for the hack, estimated that 45 million customers were affected. Rite Aid has not confirmed the number impacted but reports it is mailing letters to any potentially affected customers. The pharmacy chain says it detected the incident within 12 hours, immediately launched an investigation and reported the incident to law enforcement, as well as federal and state regulators.
Total Retail's Take: Rite Aid's recent cyber attack adds to the string of difficulties the business is facing. The retailer has been navigating a Chapter 11 bankruptcy filing since October 2023; closing hundreds of stores; selling business entities like its pharmacy benefit company, Elixir; and settling opioid mishandling lawsuits. Rite Aid only recently proposed its restructuring plan to a U.S. bankruptcy court in June. This cyber attack may compound both consumer and industry mistrust in Rite Aid.
"We regret that this incident occurred and are implementing additional security measures to prevent potentially similar attacks in the future. We take our obligation to safeguard personal information very seriously," Rite Aid said in a press release.
Retailers continue to be a target for mass cyberattacks, either directly or through third-party technology vendors. Earlier this year, Neiman Marcus and 165 organizations that partner with cloud storage provider Snowflake were impacted by an attack to its systems, and Home Depot was similarly breached by a SaaS hack. All retail organizations should take note of these attacks and continue to prioritize cybersecurity.
Kristina Stidham is the digital content director at Total Retail and sister brands Women in Retail Leadership Circle and Women Leading Travel & Hospitality at NAPCO Media. She is passionate about digital media and handles video, podcast and virtual event production for all brands. You can often find her at WIRLC, TR, WLT&H or industry events with her camera and podcasting equipment—or at home on Zoom—recording interviews with thought leaders and business executives.
Kristina holds a B.A. in Media Studies and Production from the Temple University Klein College of Media and Communication in Philadelphia. Go Owls! When she's not in the office, she loves to go on long walks, sing around the house, hangout with her family and two pet guinea pigs, and travel to new places.
