On July 15, 2024, the Vermont Office of the Attorney General reported a data breach involving Rite Aid that occurred on June 6, 2024. An unauthorized third party accessed certain business systems by impersonating an employee, potentially compromising purchaser names, addresses, dates of birth, and driver's license numbers of individuals who made purchases between June 6, 2017, and July 30, 2018. No financial or Social Security numbers were impacted.
Source: https://ago.vermont.gov/document/2024-07-15-rite-aid-data-breach-notice-consumers
TPRM report: https://www.rankiteo.com/company/riteaid
"id": "rit238072925",
"linkid": "riteaid",
"type": "Breach",
"date": "6/2024",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'industry': 'Pharmacy',
'name': 'Rite Aid',
'type': 'Retail'}],
'attack_vector': 'Impersonation',
'data_breach': {'personally_identifiable_information': True,
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Purchaser names',
'Addresses',
'Dates of birth',
"Driver's license numbers"]},
'date_detected': '2024-07-15',
'date_publicly_disclosed': '2024-07-15',
'description': 'An unauthorized third party accessed certain business systems '
'by impersonating an employee, potentially compromising '
"purchaser names, addresses, dates of birth, and driver's "
'license numbers of individuals who made purchases between '
'June 6, 2017, and July 30, 2018.',
'impact': {'data_compromised': ['Purchaser names',
'Addresses',
'Dates of birth',
"Driver's license numbers"]},
'initial_access_broker': {'entry_point': 'Employee Impersonation'},
'references': [{'date_accessed': '2024-07-15',
'source': 'Vermont Office of the Attorney General'}],
'threat_actor': 'Unauthorized Third Party',
'title': 'Rite Aid Data Breach',
'type': 'Data Breach',
'vulnerability_exploited': 'Employee Impersonation'}