Rite Aid Data Breach: What You Need to Know

It was recently announced that approximately 2 million Rite Aid customers had their information stolen. This breach occurred several years ago, before the COVID-19 pandemic, but it’s only making headlines now. The ransomware gang RansomHub claimed responsibility for the attack, initially estimating that 45 million customers were affected. However, Rite Aid confirmed the actual number is far lower.

The data breach took place on June 6 and involved customer information from 2017 to 2018. The hacker posed as a company employee to steal data related to specific retail product purchases. Rite Aid detected the breach hours later, but by then, valuable information was already compromised. This included the names of customers, their addresses, dates of birth, and government IDs such as driver’s licenses.

The good news, if any, is that the breach only affected customers who made purchases between June 6, 2017, and July 30, 2018. However, this stolen data is now being sold on the dark web, which means consumers could start seeing an uptick in scams and frauds. Phishing emails, text messages, letters, phone calls, and even Facebook messages could all be used by scammers pretending to be from Rite Aid.

Rite Aid has set up a hotline for customers to check if they were affected. If you receive any suspicious communication, it’s crucial to verify its authenticity by calling this hotline directly. The hotline number is 1-866-810-8094, available from 8 am to 5:30 pm Central Time until October 15. Rite Aid will also send letters to impacted customers, which will be the only direct communication you should expect from them.

This incident is a stark reminder of the ongoing struggles businesses face with cybersecurity. Many companies, big and small, are not adequately prepared to protect their data. This is why at Xact IT, we've developed a program to help IT professionals implement robust cybersecurity measures in their companies. Our new Defend Your Business coaching program is designed for IT directors and professionals who want to enhance their company’s cybersecurity posture. You can sign up now at a discounted rate of $19 a month, a significant reduction from the future price of $100 a month.

Rite Aid has stated that no Social Security numbers or financial payment information were stolen, but the breach still exposed sensitive personal and medical information. This could lead to scammers using this data for extortion, as seen in other cases where individuals were targeted based on their healthcare information.

The breach is particularly concerning as it underscores the importance of ongoing cybersecurity efforts. Businesses need to train their employees regularly to recognize and respond to potential threats. Annual or quarterly training is not enough. Continuous education is necessary to keep up with the evolving tactics of cybercriminals.

Small businesses, in particular, often believe they are too small to be targeted, but this is a dangerous misconception. More small companies are being hacked than large ones, and while these breaches might not make headlines, they are happening. Businesses of all sizes must take proactive steps to protect themselves.

For consumers, using a password manager, creating strong and unique passwords for each site, and enabling multi-factor authentication on all accounts are essential steps. Regularly monitoring your bank accounts for unauthorized transactions is also crucial. Cybercriminals often make small withdrawals to avoid detection, so setting low alert thresholds can help catch fraudulent activity early.

The Rite Aid data breach is a significant event, highlighting the importance of cybersecurity for both businesses and individuals. It took years for this breach to come to light, but the threat of cyberattacks remains as strong as ever. Stay informed, stay secure, and take every possible measure to protect your data.