Data breach hits Rite Aid pharmacy. How NJ residents can protect their personal info

By Daniel Munoz, NorthJersey.com

Pharmacy chain Rite Aid revealed this week that 2.2 million customers were exposed in a data breach in June.

The leaked data includes driver’s license numbers, addresses and dates of birth, Rite Aid said in a July 15 press release The stolen data was associated with completed attempted purchases made between June 6, 2017 and July 30, 2018, Rite Aid said.

According to the Rite Aid press release, the breached data did not include Social Security numbers, financial information or patient information.

Rite Aid said it notified state authorities in Maine, Massachusetts, Oregon and Vermont. It is not clear if New Jersey authorities were contacted by Rite Aid regarding the breach — representatives for the state Attorney General’s office could not be immediately reached by email Thursday morning.

“We regret that this incident occurred and are implementing additional security measures to prevent potentially similar attacks in the future,” Rite Aid said in a statement this week.

“We take our obligation to safeguard personal information very seriously and are alerting affected consumers about this incident.”

Rite Aid bankruptcy has led to closing stores

June’s breach announcement comes as the beleaguered retail pharmacy chain emerges from bankruptcy protection — a process that saw hundreds of stores close across the nation.

The chain faces slumping sales and battles lawsuits over its alleged role in fueling the opioid epidemic by illegally filling prescriptions for painkillers.

Rite Aid had more than 2,000 stores when it filed for bankruptcy in October last year. Under a plan approved in federal court late June, Rite Aid will have 1,300 locations remaining, according to Reuters.

A spokesperson for Rite Aid could not be immediately reached for comment by email Thursday morning.

Data breaches become more common

Telecom giant AT&T recently announced that the call and text message records of nearly all of its cellular customers were exposed in a massive breach.

“What this means is that criminals now have a better way to impersonate us because they know who we talk to, who our friends are, and where we may live and work,” said David Bader, a professor at the Ying Wu College of Computing at the New Jersey Institute of Technology in Newark.

“This makes it much easier for a scammer to impersonate a family member, our boss, or ourselves,” Bader said.

Scammers and hackers could use the information gleaned by data breaches such as AT&T and Rite Aid to create a “digital twin” and request things like money or passwords, Bader said.

“Criminals can use this information to commit targeted acts of phishing by convincing you their communications are from a legitimate source" such as your bank or a government official, the credit monitoring company Experian said in an April blog post. “Their goal may be to con you into handing over more sensitive information, or to trick you into providing access to your financial accounts.”

And what to do if you suspect someone is trying to scam you?

“Any time we get a request that sounds too urgent or requires money or a transfer or seems a little unusual, where we get a gut feeling that, ‘Hmm, this is strange,’ should take a deep breath and inspect the message closely,” Bader said.

“Is it coming from the email address we would expect or not, from a friend, family member or boss? It’s always fine to pick up the phone to verify that it’s a valid email before taking some urgent action.”

Daniel Munoz covers business, consumer affairs, labor and the economy for NorthJersey.com and The Record.

https://www.northjersey.com/story/news/business/2024/07/18/rite-aid-data-breach/74452806007/