Rite Aid reveals data breach impacted 2.2 million customers

In that time, the threat actors managed to grab “certain data associated with the purchase or attempted purchase of specific retail products,” including “purchaser name, address, date of birth and driver’s license number or other form of government-issued ID presented at the time of a purchase between June 6, 2017, and July 30, 2018.”

Sensitive data stolen

Following the breach, Rite Aid initially issued a statement, saying it suffered a ransomware attack which resulted in data theft, but did not say how many people were affected by the incident, nor what type of information the attackers stole. 

"Rite Aid experienced a limited cybersecurity incident in June, and we are finalizing our investigation,” it said at the time. “We take our obligation to safeguard personal information very seriously, and this incident has been a top priority." "Together with our third-party cybersecurity partner experts, we have restored our systems and are fully operational.”

Now, the filing with the regulators confirmed more than two million affected individuals, including more than 30,000 Maine residents. Rite Aid also confirmed that the attackers did not steal Social Security Numbers (SSN), financial information, or patient information.

The company said it is currently implementing “additional security measures” to make sure these attacks don’t repeat in the future, without explaining what those measures are. Additionally, the affected individuals are getting free credit monitoring, fraud consultation, and identity theft restoration services through Kroll.

Via BleepingComputer

More from TechRadar Pro

• US government warns of possible security issue with popular geospatial data platform
• Here's a list of the best firewalls today
• These are the best endpoint protection tools right now