Is 2024 the year of the data breach? It certainly seems like it with what's happened to AT&T, Ticketmaster, and Advanced Auto Parts.
Now, less than a year after suffering through filing for bankruptcy and a spate of store closings, Rite Aid has gone public with its discovery of an “incident” that involved “certain consumers’ personal information," too.
In its disclosure, the company said that on June 6, 2024, an unknown third party compromised certain business systems by impersonating a Rite Aid employee. The company said it detected the incident within 12 hours and immediately launched an investigation to terminate the unauthorized access, remediate affected systems and ascertain if any customer data was impacted.
Are you affected?
If you are a Rite Aid shopper or use its pharmacy to fill prescriptions, you no doubt are concerned about the safety of your personal data. To that end, the company admitted that the data included:
Purchaser name
Address
Date of birth
Driver’s license number or other form of government-issued ID…
...“presented at the time of a purchase between June 6, 2017, and July 30, 2018.”
However, Rite Aid said no Social Security numbers, financial information or patient information was impacted by the incident. The company did not release the total number of records compromised in the breach.
The company said it is mailing letters to any potentially affected consumer who was associated with a mailing address in its systems.
“We regret that this incident occurred and are implementing additional security measures to prevent potentially similar attacks in the future," the company said in its announcement.
"We are committed to protecting consumers’ information, and anyone with additional questions may call our dedicated assistance line toll-free at (866) 810-8094 from 8 a.m. to 5:30 p.m. Central Time, Monday – Friday, excluding holidays.”
“If you are a Rite Aid consumer who did not receive a letter regarding this incident, but you would like to know if you were affected, please call our dedicated assistance line."
In its report on the second quarter of 2024, the Identity Theft Resource Center (ITRC) found the number of publicly reported data breaches declined 12% over the second quarter of 2023. However, the number of people affected by those breaches surged, rising to 1,041,312,601, a 1,170% increase over the same period in 2023.