Rite Aid confirms data breach after ransomware attack
US drugstore chain Rite Aid has confirmed that last month’s ransomware attack resulted in data theft.
The company said in a statement that it is currently investigating the cyberattack and is in the process of sending out data breach notifications to affected customers.
“Rite Aid experienced a limited cybersecurity incident in June and we are concluding our investigation. We take our obligation to protect personal information very seriously and this incident has been a top priority,” Rite Aid said. “Working with our third-party cybersecurity partner experts, we have restored our systems and are fully operational. We are sending messages to affected consumers.”
RansomHub
The company has not disclosed how many people were affected by the incident or exactly what data was stolen.
Rite Aid did say, however, what information was not stolen: medical records and financial data. They noted, “We can confirm that no Social Security numbers, financial data, or patient information was stolen in this incident.”
At the same time, a ransomware operation called RansomHub took responsibility for the attack and shared more details on its data breach page:
“While we had access to the Riteaid network, we obtained over 10GB of customer data, which equates to approximately 45 million lines of people’s personal information. This information includes name, address, dl_id number, dob, riteaid rewards number,” the group apparently wrote on its dark web page.
The group added that Rite Aid has not entered into ransom negotiations, which is why it plans to leak everything within about two weeks.
RansomHub is a relatively new threat actor, having spun out of the defunct ALPHV (AKA BlackCat). In early 2024, an ALPHV affiliate breached Change Healthcare, stole a massive database of sensitive information, and demanded $22 million in ransom. Since ALPHV operated on a Ransomware-as-a-Service (RaaS) model, the payment was made to ALPHV operators, who were then supposed to split the spoils with the breaching affiliate.
Instead, the operators took all the money and disappeared, leaving the affiliate penniless and with a bunch of sensitive Change Healthcare data. This affiliate later rebranded as RansomHub and at one point even demanded more money from Change Healthcare.
Via BleepingComputer