From PC Mag: Rite Aid says a recent data breach affects 2.2 million users — far fewer than the 45 million claimed by the ransomware group allegedly behind the attack.
The drugstore chain was previously mum on the number of users affected. But on Monday, Rite Aid disclosed the 2.2 million figure in a data breach notice to Maine’s attorney general.
Although Rite Aid has so far declined to identify those behind the attack, a ransomware group called RansomHub claims to have stolen 10GB of information from the company. The gang says it looted customer information, including names, addresses, dates of birth, and driver’s license numbers, which aligns with Rite Aid’s findings. However, RansomHub suggested in a post on its website that it stole data from 45 million Rite Aid customers.
The ransomware gang is now demanding Rite Aid pay up to keep the data secret or else RansomHub will leak it in nine days. The group also claims the company was preparing to negotiate a payment before cutting off communications. “From this it is obvious that the Riteaid [sic] leadership don't value the safety of it's [sic] customers sensitive details,” the gang alleged.
View: Full Article