Rite Aid hit in major data breach with 2.2 million customers affected — names, driver’s license numbers and more stolen by hackers
Customer data stolen by ransomware gang
Whether you’re shopping online or even in person, your data can still end up in the hands of hackers through no fault of your own. Case in point, the U.S. pharmacy Rite Aid has revealed that it suffered a data breach last month which saw the personal information of 2.2 million of its customers stolen by hackers.
As reported by BleepingComputer, the drugstore chain detected a “data security incident” at the beginning of last month in which personal data was stolen from its systems, but not financial data like Social Security numbers or credit card details.
Now though, in a data breach notification letter filed with the Office of Maine’s Attorney General, Rite Aid explained that the incident was first detected on June 6, 12 hours after hackers managed to breach its network. They did this by using an employee’s credentials.
As a result, the full names, addresses, dates of birth, and driver’s license numbers or other forms of government-issued ID used for purchases made between June 6, 2017 and July 30, 2018 were stolen by the hackers in question.
Here’s everything you need to know about this new data breach along with some steps you can take if your personal information was stolen during the attack on Rite Aid’s systems.
Ransomware but with a twist
Rite Aid has yet to say which group of hackers was behind the attack that took place back in June. However, a ransomware gang by the name of RansomHub has claimed responsibility in a post on its dark web leak site.
In the post, the RansomHub hackers explain that they “obtained over 10 GB of customer information equating to around 45 million lines of personal information.” They then went on to detail what kind of personal info was stolen during their attack on the drugstore chain.
Normally in a ransomware attack, hackers gain access to a company’s systems and lock them until they are paid a ransom to unlock them. However, RansomHub does things a bit differently. Instead of locking a company’s systems, the ransomware gang steals any data it can get its hands on and holds this stolen data hostage.
When Rite Aid halted negotiations with RansomHub though, the hackers posted a screenshot on their data leak site as proof of what data they had in their possession. They also said that this data would be leaked in two weeks unless Rite Aid decided to pay them.
So far this year, Rite Aid is RansomHub’s second target after the ransomware gang claimed responsibility for hacking the U.S. telecom Frontier Communications back in April.
What to do next if you’re a Rite Aid shopper
If you shopped at Rite Aid between June of 2017 and July of 2018, your personal information could be in the hands of hackers and may even end up online since RansomHub often auctions off its stolen data to the highest bidder on the dark web.
Fortunately though, the drugstore chain has said that it will provide identity monitoring services from Kroll at no cost. The company has a team of licensed private investigators that are available to answer questions and provide data breach victims with steps they can take to keep their personal information safe. Unlike with the best identity theft protection services though, it appears that Kroll doesn’t offer identity theft insurance to help victims recover lost assets and wages. Still though, this is better than what some other companies offer.
Affected Rite Aid customers will likely receive an email or perhaps even a letter in their mailbox letting them know how they can sign up for Kroll’s identity monitoring along with other steps they can take to stay safe following this breach.
At the same time, you also want to closely monitor your online accounts and bank accounts for any signs of fraud or other suspicious activity. You also want to be on the lookout for targeted phishing attacks that could be used to spread dangerous malware. This is where the best antivirus software can help detect any malware hackers might try to send you through emails with malicious attachments.
We’ll likely learn more about this latest data breach once Rite Aid and law enforcement agencies have conducted a full investigation into this matter.
Anthony Spadafora is the managing editor for security and home office furniture at Tom’s Guide where he covers everything from data breaches to password managers and the best way to cover your whole home or business with Wi-Fi. He also reviews standing desks, office chairs and other home office accessories with a penchant for building desk setups. Before joining the team, Anthony wrote for ITProPortal while living in Korea and later for TechRadar Pro after moving back to the US. Based in Houston, Texas, when he’s not writing Anthony can be found tinkering with PCs and game consoles, managing cables and upgrading his smart home.