BleepingComputer reports that major U.S. drugstore chain Rite Aid had personal information from 2.2 million customers compromised following a ransomware attack last month, which the RansomHub ransomware operation has since taken responsibility for.
Attackers leveraged stolen employee credentials to infiltrate Rite Aid's network and facilitate the theft of customer data from June 6, 2017, to July 30, 2018, including their names, birthdates, addresses, and government-issued IDs, according to a filing with the Office of the Maine Attorney General, which emphasized that no Social Security numbers, health information, or financial details had been compromised as a result of the incident. Rite Aid's disclosure comes days after RansomHub — which was involved in the attack against Frontier Communications earlier this year — claimed to have exfiltrated more than 10 GB of customer data from the pharmacy chain's systems, which would be exposed should the drugstore chain refuse to fulfill its demands. Rite Aid has yet to confirm RansomHub's assertions.
