Rite Aid is facing a class action lawsuit following a data breach that exposed the information of over 2.2 million customers. Filed by plaintiff Erica Judka on July 26 in a Pennsylvania federal court, the lawsuit alleges that the pharmacy chain demonstrated negligence by lacking adequate cybersecurity measures. The breach, which occurred on June 6, was traced back to hackers who accessed the system using an employee’s credentials, compromising sensitive customer information, including names, addresses, birth dates, and driver’s license numbers from purchases made between June 2017 and July 2018.
Rite Aid acknowledged the breach and communicated with affected customers through letters sent on July 15, stating that no financial information, patient records, or Social Security numbers were compromised. In response to the incident, the company promised to implement additional security measures to prevent future breaches. However, Judka claims that Rite Aid failed to adequately address the threat of cyberattacks and did not provide sufficient details about the breach, such as the identity of the attackers or whether the stolen data was held for ransom.
Judka criticized Rite Aid’s response, asserting that offering free credit monitoring and identity restoration services was “woefully inadequate.” She reported a surge in spam and robocalls since the breach, indicating ongoing risks for affected customers due to their personal information still being stored in Rite Aid’s systems. The lawsuit emphasizes the necessity for more robust security protocols and transparency regarding the breach.
Seeking to represent the affected class, Judka is suing for negligence, breach of fiduciary duty, and breach of confidence. She aims to achieve certification for the class action, along with seeking damages, legal fees, and a jury trial. Additionally, the lawsuit calls for Rite Aid to implement regular security testing and improve its cybersecurity measures to protect customer data in the future.
Reference: