Rite Aid Becomes RansomHub's Latest Victim After Data Breach
The breach affects older customer information involved in purchases made from June 6, 2017, up until July 30, 2018.
This morning Rite Aid, an American drugstore chain, revealed news of falling victim in a data breach last month in what it called a "limited cybersecurity incident."
On June 6, a third-party threat actor impersonated a company employee and gained access to certain company systems. This unauthorized access was detected soon after, and the company launched an investigation to determine the scope of the breach and whether any data was compromised.
Though the company has determined that no Social Security numbers, financial information, or patient information was affected in the breach, the threat actors did acquire data connected to purchases of retail products, including names, addresses, dates of birth, and driver's licenses or government IDs.
The company has not released an official statement revealing who the threat actors are, but RansomHub gang has claimed that it breached the company's systems.
"While having access to the Rite-Aid network, we obtained over 10GB of customer information equating to around 45 million lines of people's personal information," the ransomware group said on its Dark Web leak site. "This information includes name, address, dl_id number, DoB, Rite Aid rewards number."
Rite Aid reportedly stopped negotiating a ransom, prompting the ransomware group to share snippets of what it claims is stolen data as proof and add a two-week deadline before more information will be leaked.
About the Author
You May Also Like
Your guide to the great SIEM migration
August 21, 2024How to Find and Fix Application Vulnerabilities
August 22, 2024Securing Your Cloud Assets
August 27, 2024Determining Exposure and Risk In The Event of a Breach
August 28, 2024Developing a Cyber Risk Assessment for the C-Suite
August 29, 2024
Black Hat Europe - December 9-12 - Learn More
December 10, 2024SecTor - Canada's IT Security Conference Oct 22-24 - Learn More
October 22, 2024