The recent ransomware attack on Rite Aid affected 2.2 million people in total, the company confirmed in a filing with the Maine Attorney General's Office.
The company also provided a copy of the breach notification letter it is sending to those affected, noting that the breach occurred on June 6 and was detected 12 hours later.
At the time, the threat actors managed to obtain “certain data associated with the purchase or attempted purchase of specific retail products,” including “the purchaser’s name, address, date of birth, and driver’s license number or other form of government-issued identification presented at the time of a purchase between June 6, 2017, and July 30, 2018.”
Sensitive data stolen
Following the data breach, Rite Aid initially issued a statement saying it had suffered a ransomware attack that resulted in data theft, but it did not say how many people were affected by the incident or what type of information the attackers stole.
“Rite Aid experienced a limited cybersecurity incident in June and we are finalizing our investigation,” it said at the time. “We take our obligation to protect personal information very seriously and this incident has been a top priority.” “Together with our expert third-party cybersecurity partners, we have restored our systems and are fully operational.”
Now, the regulatory filing confirmed that more than two million people were affected, including more than 30,000 Maine residents. Rite Aid also confirmed that the attackers did not steal Social Security numbers (SSN), financial information or patient information.
The company said it is currently implementing “additional security measures” to ensure that these attacks are not repeated in the future, without explaining what those measures are. Additionally, affected individuals are receiving free credit monitoring, fraud consultation and identity theft restoration services through Kroll.
Through Computer beeping
