A Year’s Worth of Customer Data Was Obtained in Rite Aid Security Breach

A Rite Aid in Costa Mesa, Calif., on Oct. 18, 2023. (John Fredricks/The Epoch Times)
Chase Smith
Rite Aid is the latest company to announce a breach of customers’ data by unauthorized third parties, the pharmacy chain said in a statement on July 15.

The breach, which included a year’s worth of customers’ data, exposed sensitive information such as names, addresses, dates of birth, and driver’s license numbers.

The compromised data also included other forms of government-issued identification presented at the time of purchase between June 6, 2017, and July 30, 2018.

No Social Security numbers, financial information, or patient information were impacted by the incident, the notice said.

“We are mailing letters to any potentially affected consumer who was associated with a mailing address in our systems,” the company said in a press release.

Rite Aid Corporation—which filed for bankruptcy in October—provided notice of the security incident, detailing that an unknown third party impersonated a company employee on June 6 in order to compromise business credentials and gain access to certain business systems.

The breach was detected within 12 hours, the company said, prompting an immediate investigation to terminate the unauthorized access, remediate affected systems, and determine the extent of the data compromise. The incident was reported to law enforcement, as well as federal and state regulators.

By June 17, Rite Aid had determined that the unknown third party had acquired data associated with the purchase or attempted purchase of specific retail products.

“We regret that this incident occurred and are implementing additional security measures to prevent potentially similar attacks in the future,” the company said in the press release. “We take our obligation to safeguard personal information very seriously and are alerting affected consumers about this incident.”

Consumers with additional questions are encouraged to call a dedicated assistance line set up by the company toll-free at (866) 810-8094.

This assistance line will remain open until Oct. 15, the company said. Rite Aid also invited consumers who did not receive a notification letter but are concerned they may have been affected to contact the assistance line for further information.

The Rite Aid data breach notice was issued less than a week after telecommunications giant AT&T informed the public that nearly all of its customers had been affected in a similar breach.

AT&T said it had discovered the data breach in April, which involved an unauthorized download of data from a third-party cloud platform, and compromised records of calls and texts for nearly all AT&T cellular customers, as well as customers of mobile virtual network operators (MVNOs) using AT&T’s wireless network, and AT&T landline customers who interacted with those cellular numbers, the company said on July 12.

The affected period for that breach spanned from May 1, 2022, to October 31, 2022, with additional records from Jan. 2, 2023, for a small number of customers also being leaked. The compromised data includes telephone numbers involved in interactions and, for some records, cell site identification numbers.

Chase is an award-winning journalist. He covers national news for The Epoch Times and is based out of Tennessee. For news tips, send Chase an email at [email protected] or connect with him on X.