Table of Contents
PHILADELPHIA—Rite Aid Corp. is alerting its customers about an incident that may have resulted in the leak of some personal information. The company said it is mailing letters to any potentially affected consumer associated with a mailing address in our systems.
On June 6, 2024, an unknown third party impersonated a company employee to compromise their business credentials and gain access to certain business systems. Rite Aid said it detected the incident within 12 hours and immediately launched an investigation to terminate the unauthorized access, remediate affected systems and ascertain if any customer data was impacted. We also reported the incident to law enforcement, as well as federal and state regulators.
By June 17, 2024, the company determined that the unknown third party acquired certain data associated with the purchase or attempted purchase of specific retail products. This data included purchaser name, address, date of birth and driver’s license number or other form of government-issued ID presented at the time of a purchase between June 6, 2017, and July 30, 2018. Rite Aid emphasized that no social security numbers, financial information or patient information was impacted by the incident.
“We regret that this incident occurred and are implementing additional security measures to prevent potentially similar attacks in the future,” the company said in a statement. “We take our obligation to safeguard personal information very seriously and are alerting affected consumers about this incident”
Rite Aid said that anyone with additional questions may call the company’s dedicated assistance line toll-free at (866) 810-8094 from 8 a.m. to 5:30 p.m. Central Time, Monday through Friday, excluding holidays. This line will remain open until October 15, 2024. Any Rite Aid consumer who did not receive a letter regarding this incident but would like to know if they were affected can call the dedicated assistance line.