RansomHub Claims Responsibility for Rite Aid Ransomware Attack
Rite Aid, the third-largest pharmacy chain in the United States, has announced that it experienced a cyberattack in June that exposed customer data. Third-party cybersecurity specialists were engaged to investigate the incident, and the investigation and incident response are now in their final stages. All compromised systems have been restored and are fully operational, the review of the exposed files is approaching completion, and individual notification letters will soon be mailed.
Rite Aid explained that the attack occurred on June 6, when a threat actor impersonated an employee and gained access to certain business systems. “We detected the incident within 12 hours and immediately launched an investigation to terminate the unauthorized access, remediate affected systems, and ascertain if any customer data was impacted,” explained Rite Aid.
The hacked data relates to purchases or attempted purchases of certain retail items and includes names, addresses, dates of birth, and driver’s license numbers/government IDs presented at the time of purchase. The breached data relates to purchases between June 6, 2017, and July 30, 2018. Rite Aid has confirmed that it was a limited cybersecurity incident and did not involve Social Security numbers, financial information, or health data. The breach has been reported to the Maine Attorney General as involving the personal information of 2.2 million customers. The notice to the Maine Attorney General says credit monitoring and identity theft protection services are being offered to the affected individuals.
Rite Aid has not confirmed which ransomware group was behind the attack; however, the RansomHub group has claimed responsibility. RansomHub claims to have stolen 10GB of data in the attack, including around 45 million lines of personal information such as names, addresses, dates of birth, ID numbers, and Rite Aid rewards numbers. RansomHub said Rite Aid attempted to negotiate, but all communications stopped as the negotiations were approaching the final stages. As a result, RansomHub has threatened to upload the stolen data to its data leak site in two weeks.
RansomHub is a relatively new ransomware group that emerged in February 2024. The group has been highly active and has been recruiting affiliates, which include the Scattered Spider cybercrime group. RansomHub attempted to extort Change Healthcare after allegedly obtaining the data stolen in the February 2024 ransomware attack from a then-affiliate of the Blackcat ransomware group. One of the most recent attacks was on the Florida Department of Health. Data from that attack was leaked when the ransom was not paid.


