On June 6, the drugstore chain said "an unknown third party" impersonated a company employee to gain access to the company's business systems. The incident was detected in 12 hours and an investigation was launched and the unauthorized access was terminated.
WATCH ANYTIME FOR FREE
Stream NBC10 Boston news for free, 24/7, wherever you are. |
The incident was also reported to law enforcement and federal and state regulators, including the attorneys general of states including Maine, Massachusetts and Vermont.
"We determined by June 17, 2024, that the unknown third party acquired certain data associated with the purchase or attempted purchase of specific retail products," Rite Aid said in a statement. "This data included purchaser name, address, date of birth and driver’s license number or other form of government-issued ID presented at the time of a purchase between June 6, 2017, and July 30, 2018. To confirm, no social security numbers, financial information or patient information was impacted by the incident."
Get updates on what's happening in Boston to your inbox. Sign up for our News Headlines newsletter.
The company said it regrets that the incident occurred and is implementing additional security measures to prevent similar cyber attacks in the future. They said they will also be alerting affected customers about the data breach.
Anyone with questions about the data breach can call Rite Aid toll-free at 866-810-8094. The line will remain open until Oct. 15.