Pharmacy chain Rite Aid has revealed that a recent data breach impacts 2.2 million people. Meanwhile, a known ransomware group is threatening to leak sensitive information stolen from the company.
Rite Aid is telling customers that, on June 6, hackers impersonated an employee in an effort to compromise their credentials and gain access to business systems. The incident was detected within 12 hours and the company rushed to terminate the unauthorized access.
An investigation revealed that the attacker obtained data associated with the purchase or attempted purchase of some products.
“This data included purchaser name, address, date of birth and driver’s license number or other form of government-issued ID presented at the time of a purchase between June 6, 2017, and July 30, 2018. To confirm, no Social Security numbers, financial information or patient information was impacted by the incident,” Rite Aid said.
The company told the Maine Attorney General that 2.2 million individuals are affected by the data breach and that they are being offered 12 months of free credit monitoring and identity protection services.
The hack came to light last week after the RansomHub ransomware group listed the company on its leak website. At the time, Rite Aid described it as a “limited cybersecurity incident”.
The hackers are threatening to leak data stolen from Rite Aid in nine days unless a ransom is paid.
The cybercriminals claim to have obtained 10 Gb of customer information, including names, addresses, dates of birth, and identification document numbers. RansomHub suggested that it came close to reaching an agreement with Rite Aid.
According to its website, Rite Aid has more than 1,700 stores across 16 states.
Related: Ransomware Gang Leaks Data Allegedly Stolen from Florida Department of Health
Related: Patelco Credit Union Scrambling to Restore Systems Following Ransomware Attack
Related: Chicago Children’s Hospital Says 791,000 Impacted by Ransomware Attack
