American drugstore chain Rite Aid has confirmed that last month’s ransomware attack resulted in data theft.
In a statement, the company said it was currently investigating the cyberattack, and is working on sending out data breach notifications to affected customers.
"Rite Aid experienced a limited cybersecurity incident in June, and we are finalizing our investigation. We take our obligation to safeguard personal information very seriously, and this incident has been a top priority," Rite Aid said. "Together with our third-party cybersecurity partner experts, we have restored our systems and are fully operational. We are sending notices to impacted consumers."
RansomHub
The company did not say how many people are affected by the incident, nor did it detail the type of data that was stolen.
However Rite Aid did say what information was not stolen - health information, and financial data, noting, "we can confirm that no social security numbers, financial information, or patient information were impacted by this incident."
At the same time, a ransomware operation called RansomHub assumed responsibility for the attack, and shared more details on its data leak page:
"While having access to the Riteaid network we obtained over 10 GB of customer information equating to around 45 million lines of people's personal information. This information includes name, address, dl_id number, dob, riteaid rewards number," the group apparently wrote on its dark web page.
It added that Rite Aid did not follow through with a ransom negotiation, which is why it plans to leak everything in roughly two weeks.
RansomHub is a relatively new threat actor, spun out of the defunct ALPHV (AKA BlackCat). In early 2024, an affiliate of ALPHV broke into Change Healthcare, stole a huge database of sensitive information, and demanded $22 million in ransom. Since ALPHV operates on a Ransomware-as-a-Service (RaaS) model, the payment was made to ALPHV operators, which should have then shared the spoils with the affiliate that made the breach.
Instead, the operators took all of the money and disappeared, leaving the affiliate with no money and a lot of sensitive Change Healthcare data. This affiliate was later rebranded to RansomHub, and even demanded more money from Change Healthcare at one point.
Via BleepingComputer
More from TechRadar Pro
- Yet another hacker group demands ransom from Change Healthcare
- Here's a list of the best firewalls today
- These are the best endpoint protection tools right now