Cyber Incident Victim: Walgreens
Date:
Jun 2024
Location:
United States of America
Summary
An unauthorized third party recently impersonated an employee to compromise business credentials and access certain systems at Rite Aid. The company detected the breach within hours, terminated the intrusion, initiated remediation efforts, and notified law enforcement alongside regulators. Investigation revealed the attacker acquired purchaser names, addresses, dates of birth, and government-issued identification details linked to specific retail transactions occurring within a historical timeframe. No Social Security numbers, financial data, or patient health information was compromised. The organization is implementing enhanced security measures and directly notifying affected individuals via mailed correspondence while offering a dedicated assistance line for inquiries.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 2 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On June 6, 2024, Rite Aid Corporation detected unauthorized access to certain business systems after an unknown third party impersonated a company employee to compromise legitimate business credentials. The organization identified the intrusion within 12 hours of its occurrence and initiated an immediate investigation to terminate the unauthorized access and remediate affected systems. Rite Aid concurrently engaged law enforcement and notified federal and state regulators about the security incident. The investigation sought to determine whether customer data had been accessed or exfiltrated during the breach, with a focus on understanding the scope and nature of potentially compromised information.
By June 17, 2024, Rite Aid confirmed that the threat actor had acquired data associated with specific retail product purchases or attempted purchases occurring between June 6, 2017, and July 30, 2018. The compromised information included purchaser names, physical addresses, dates of birth, and driver’s license numbers or other government-issued identification presented at the time of transaction. The company verified that no social security numbers, financial account details, or patient health information were impacted by the incident. Rite Aid began mailing notification letters to affected consumers associated with valid mailing addresses in its systems and established a dedicated toll-free assistance line operational until October 15, 2024, for inquiries. The organization stated it was implementing additional security measures to prevent similar future attacks while emphasizing its commitment to safeguarding personal information. No operational disruptions or system downtime beyond remediation efforts were reported in connection with the incident.