Get all your news in one place.
100’s of premium titles.
One app.
Start reading
TechRadar
TechRadar
Sead Fadilpašić

Rite Aid confirms data breach following ransomware attack

Code Skull.

American drugstore chain Rite Aid has confirmed that last month’s ransomware attack resulted in data theft.

In a statement, the company said it was currently investigating the cyberattack, and is working on sending out data breach notifications to affected customers.

"Rite Aid experienced a limited cybersecurity incident in June, and we are finalizing our investigation. We take our obligation to safeguard personal information very seriously, and this incident has been a top priority," Rite Aid said. "Together with our third-party cybersecurity partner experts, we have restored our systems and are fully operational. We are sending notices to impacted consumers."

RansomHub

The company did not say how many people are affected by the incident, nor did it detail the type of data that was stolen.

However Rite Aid did say what information was not stolen - health information, and financial data, noting, "we can confirm that no social security numbers, financial information, or patient information were impacted by this incident."

At the same time, a ransomware operation called RansomHub assumed responsibility for the attack, and shared more details on its data leak page:

"While having access to the Riteaid network we obtained over 10 GB of customer information equating to around 45 million lines of people's personal information. This information includes name, address, dl_id number, dob, riteaid rewards number," the group apparently wrote on its dark web page.

It added that Rite Aid did not follow through with a ransom negotiation, which is why it plans to leak everything in roughly two weeks. 

RansomHub is a relatively new threat actor, spun out of the defunct ALPHV (AKA BlackCat). In early 2024, an affiliate of ALPHV broke into Change Healthcare, stole a huge database of sensitive information, and demanded $22 million in ransom. Since ALPHV operates on a Ransomware-as-a-Service (RaaS) model, the payment was made to ALPHV operators, which should have then shared the spoils with the affiliate that made the breach.

Instead, the operators took all of the money and disappeared, leaving the affiliate with no money and a lot of sensitive Change Healthcare data. This affiliate was later rebranded to RansomHub, and even demanded more money from Change Healthcare at one point. 

Via BleepingComputer

More from TechRadar Pro

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.