Article Details

Rite Aid confirms data breach after June ransomware attack. Pharmacy giant Rite Aid confirmed a data breach after suffering a cyberattack in June, which was claimed by the RansomHub ransomware operation. Rite Aid is the third-largest drugstore chain in the United States, employing over 6,000 pharmacists (out of a total workforce of over 45,000) in more than 1,700 retail pharmacy stores across 16 states. The company told BleepingComputer on Friday that it's currently investigating a cyberattack detected in June and working on sending data breach notifications to customers affected by the resulting data breach. It also added that it had restored all systems compromised in the incident with the help of external experts it hired to address the attack's impact. "Rite Aid experienced a limited cybersecurity incident in June, and we are finalizing our investigation. We take our obligation to safeguard personal information very seriously, and this incident has been a top priority," Rite Aid said. "Together with our third-party cybersecurity partner experts, we have restored our systems and are fully operational. We are sending notices to impacted consumers." While Rite Aid didn't share what customer data was accessed in the breach or how many individuals were affected, it said that the data breach doesn't impact health or financial information. "In the meantime, we can confirm that no social security numbers, financial information, or patient information were impacted by this incident," the company added. Attack claimed by RansomHub gang Even though Rite Aid has yet to share who was behind the June attack, the statement came after BleepingComputer reached out to confirm the RansomHub ransomware gang's claims that it breached the pharmacy giant's systems and stole customers' data. ​"While having access to the Riteaid network we obtained over 10 GB of customer information equating to around 45 million lines of people's personal information. This information includes name, address, dl_id number, dob, riteaid rewards number," the threat group said on their dark web leak site. After adding Rite Aid to its leak site because the company supposedly stopped negotiating a ransom, the ransomware gang shared a screenshot of some of the allegedly stolen data as proof, saying that everything would be leaked in two weeks. Rite Aid didn't reply to a request for more details regarding the June attack after BleepingComputer reached out again today. RansomHub is a relatively new threat group that demands ransom payments from victims in exchange for not leaking stolen files, often auctioning the files to the highest bidder if negotiations fail. They focus on data-theft-based extortion rather than encrypting files, even though they were identified as a potential buyer of Knight ransomware source code. Last month, RansomHub claimed responsibility for breaching the systems of U.S. telecom provider Frontier Communications in April, forcing them to shut down systems to contain the breach and stealing the information of 750,000 customers.