Rite Aid, a drugstore chain based in Philadelphia, suffered a significant data breach on May 27, compromising the personal information of its customers, including names, birth dates, addresses, and prescription details.
The breach was discovered when a vendor partner notified Rite Aid of a vulnerability in its software that had been exploited by an unknown third party on May 31.
Immediately following the discovery, Rite Aid mailed letters to affected customers on July 20, expressing regret for the incident and reporting the breach to law enforcement, federal, and state regulators.
During a review of their systems and software, Rite Aid’s vendor provided a software update to address the vulnerability, revealing that certain company files had been accessed by the unauthorized third party on May 27.
Fortunately, social security numbers and credit card information were not compromised in the breach, although insurance data, such as plan names and cardholder IDs, were accessed by the intruder, as reported by local news outlet WGAL.
The drug store chain’s efforts to enhance its legal and privacy management were evident as they hired a new chief legal officer, Thomas Sabatino, in June. While the timing of the hiring coincided with the breach, it remains unclear whether it was directly related.
Sabatino’s role in the organization is to oversee legal affairs, enterprise risk management, compliance, regulatory affairs, and privacy matters, as highlighted in the release.
As Rite Aid addresses the breach and strengthens its security measures, the focus is on protecting customer data and preventing future incidents of this nature.