US pharmacy chain Rite Aid has confirmed that last month's ransomware attack resulted in data theft.
In a statement, the company said it is investigating the cyberattack and working to send data breach notifications to affected customers.
“Rite Aid experienced a limited cybersecurity incident in June and we are finalizing our investigation. We take our obligation to protect personal information very seriously and this incident has been a top priority,” Rite Aid said. “Together with our expert third-party cybersecurity partners, we have restored our systems and are fully operational. We are sending notices to affected consumers.”
The company did not say how many people were affected by the incident or detail what type of data was stolen.
However, Rite Aid did say what was not stolen, namely health information and financial data, noting, “We can confirm that no Social Security numbers, financial information or patient information were affected by this incident.”
At the same time, a ransomware operation called RansomHub claimed responsibility for the attack and shared more details on its data leak page:
“By gaining access to the Riteaid network, we obtained over 10GB of customer information, which equates to around 45 million lines of personal information of individuals. This information includes name, address, customer ID number, date of birth, and Riteaid rewards number,” the group apparently wrote on its dark web page.
The group added that Rite Aid had failed to comply with the ransom negotiations, so it plans to leak everything in about two weeks.
RansomHub is a relatively new threat actor, having emerged from the defunct ALPHV (aka BlackCat). In early 2024, an ALPHV affiliate broke into Change Healthcare, stole a massive database of sensitive information, and demanded a $22 million ransom. Since ALPHV operates on a ransomware-as-a-service (RaaS) model, the payment was made to ALPHV operators, who should then have shared the loot with the affiliate who committed the breach.
Instead, the operators kept all the money and disappeared, leaving the affiliate penniless and with a large amount of sensitive Change Healthcare data. This affiliate then changed its name to RansomHub and even demanded more money from Change Healthcare at one point.
Via BleepingComputer