On June 6, the drugstore chain said "an unknown third party" impersonated a company employee to gain access to the company's business systems. The incident was detected in 12 hours and an investigation was launched and the unauthorized access was terminated.
STAY IN THE KNOW
 |
Watch NBC10 Boston news for free, 24/7, wherever you are. |
 |
Get Boston local news, weather forecasts, lifestyle and entertainment stories to your inbox. Sign up for NBC Boston’s newsletters. |
The incident was also reported to law enforcement and federal and state regulators, including the attorneys general of states including Maine, Massachusetts and Vermont.
"We determined by June 17, 2024, that the unknown third party acquired certain data associated with the purchase or attempted purchase of specific retail products," Rite Aid said in a statement. "This data included purchaser name, address, date of birth and driver’s license number or other form of government-issued ID presented at the time of a purchase between June 6, 2017, and July 30, 2018. To confirm, no social security numbers, financial information or patient information was impacted by the incident."
Get top local stories in Boston delivered to you every morning. Sign up for NBC Boston's News Headlines newsletter.
The company said it regrets that the incident occurred and is implementing additional security measures to prevent similar cyber attacks in the future. They said they will also be alerting affected customers about the data breach.
Anyone with questions about the data breach can call Rite Aid toll-free at 866-810-8094. The line will remain open until Oct. 15.
