Rite Aid, the pharmacy chain that filed for bankruptcy in October, recently announced a data breach that exposed customers’ sensitive information. The breach occurred between June 6, 2017, and July 30, 2018, and included a year’s worth of customers’ data, such as names, addresses, dates of birth, and driver’s license numbers. However, no Social Security numbers, financial information, or patient information were impacted.
The breach was discovered within 12 hours and immediately investigated by Rite Aid. The company took swift action to terminate the unauthorized access, remediate affected systems, and determine the extent of the data compromise. Law enforcement, as well as federal and state regulators, were notified of the incident.
Rite Aid attributed the breach to an unknown third party who impersonated a company employee on June 6. This individual gained access to certain business systems by compromising business credentials. The pharmacy chain expressed regret over the incident and emphasized its commitment to implementing additional security measures to prevent similar attacks in the future.
To address the breach, Rite Aid is mailing letters to potentially affected consumers associated with a mailing address in their systems. Additionally, a dedicated assistance line has been set up for consumers with questions or concerns about the incident. The assistance line will remain open until October 15.
It is worth noting that the Rite Aid data breach notice comes shortly after AT&T, a telecommunications giant, revealed a similar breach affecting nearly all of their customers. AT&T discovered the breach in April and reported that it involved an unauthorized download of data from a third-party cloud platform. The compromised records included calls and texts for almost all AT&T cellular customers, as well as customers of mobile virtual network operators (MVNOs) using AT&T’s wireless network and AT&T landline customers who interacted with those cellular numbers.
The affected period for the AT&T breach spanned from May 1, 2022, to October 31, 2022. Additionally, a small number of customers had additional records leaked from January 2, 2023. The compromised data primarily consisted of telephone numbers involved in interactions and, in some cases, cell site identification numbers.
Data breaches like these highlight the importance of robust cybersecurity measures for businesses. Companies must continuously invest in security protocols to protect customer data and prevent unauthorized access. As cyber threats evolve, organizations need to stay vigilant and proactive in safeguarding personal information.
Consumers affected by the Rite Aid breach are encouraged to take advantage of the assistance line provided by the company. Furthermore, customers who suspect they may have been affected but did not receive a notification letter can also contact the assistance line for further information.
In conclusion, data breaches continue to pose a significant risk to companies and their customers. Rite Aid’s recent breach serves as a reminder of the ongoing threat that unauthorized access to sensitive information presents. By promptly addressing breaches, implementing enhanced security measures, and keeping customers informed, companies can mitigate the impact of these incidents and maintain trust with their clientele.
