Ceremony Support, the third-largest drugstore chain in america, says that 2.2 million clients’ private info was stolen final month in what it described as a “information security incident.”
The pharmacy large employs over 6,000 pharmacists (out of a complete workforce of greater than 45,000) in 1,700 retail shops throughout 16 states.
In data breach notification letters filed with the Workplace of Maine’s Legal professional Normal, Ceremony Support mentioned it detected the incident on June 6, 12 hours after the attackers breached its community utilizing an worker’s credentials.
“We decided by June 17, 2024, that sure information related to the acquisition or tried buy of particular retail merchandise was acquired by the unknown third celebration,” the corporate mentioned.
“This information included purchaser title, tackle, date of beginning and driver’s license quantity or different type of government-issued ID introduced on the time of a purchase order between June 6, 2017, and July 30, 2018.”
Simply because it informed BleepingComputer when it first confirmed the data breach on Friday, Rote Support added that the shoppers’ Social Safety numbers, monetary info, or well being info weren’t uncovered within the incident.
Attack claimed by ransomware gang
Though Ceremony Support has but to disclose who was behind the June assault, the RansomHub ransomware gang claimed the breach, saying additionally they stole buyer information from the corporate’s programs.
”Whereas getting access to the Riteaid community we obtained over 10 GB of buyer info equating to round 45 million strains of individuals’s private info. This info contains title, tackle, dl_id quantity, dob, riteaid rewards quantity,” RansomHub mentioned on their darkish internet leak web site.
The pharmacy chain was added to RansomHub’s leak web site after it allegedly halted ransom negotiations, which prompted the ransomware gang to share a screenshot of claimed stolen information as proof, stating that the whole lot can be leaked in two weeks.
Ceremony Support has but to reply to a request for extra particulars concerning the June incident after BleepingComputer reached out once more on Friday.
RansomHub is a comparatively new operation that extorts victims in change for not leaking stolen recordsdata. If negotiations fail, the recordsdata are sometimes auctioned to the best bidder.
The gang focuses on data-theft-based extortion slightly than encrypting victims’ recordsdata, though they have been recognized as a possible purchaser of Knight ransomware supply code.
Because the begin of the yr, RansomHub has additionally claimed duty for breaching U.S. telecom supplier Frontier Communications, stealing the data of 750,000 clients and forcing them to close down programs to comprise the breach.