Share this article on:
Pharmacy chain Rite Aid has discovered unauthorized individuals gained access to the e-commerce platform of its online store and stole sensitive information of its customers over a period of 10 weeks. The attackers gained access to, and stole, personal information and credit/debit card details.
An investigation into the breach revealed that access to the platform was first gained on January 30, 2017 and continued until April 11, 2017 when the intrusion was detected and unauthorized access was blocked.
During the time that unauthorized individuals had access to its e-commerce platform, they obtained customers names, addresses and payment card information, including card numbers, expiry dates and CVV numbers. The incident impacts all customers who used the online store between the above dates and manually entered their payment card details.
A leading cybersecurity firm was called in to help determine how the breach occurred, which individuals were impacted, and to mitigate future risk. Rite Aid is also working closely with payment card companies and assisting in their investigations of the data breach.
Due to the sensitive nature of the data compromised in the attack, affected individuals face an elevated risk of experiencing payment card fraud. To reduce risk, all affected individuals have been offered 12 months of identity monitoring services free of charge through Kroll.
At present, it is unclear exactly how many individuals have been impacted by the breach as this incident has yet to be reported on the Department of Health and Human Services’ Office for Civil Rights breach portal.