Getty Photos
Ceremony Assist, the third largest US drug retailer chain, stated that greater than 2.2 million of its prospects have been swept into a knowledge breach that stole private data, together with driver’s license numbers, addresses, and dates of start.
The corporate stated in necessary filings with the attorneys normal of states together with Maine, Massachusetts, Vermont, and Oregon that the stolen information was related to purchases or tried purchases of retail merchandise made between June 6, 2017, and July 30, 2018. The info supplied included the purchaser’s identify, handle, date of start, and driver’s license quantity or different type of government-issued ID. No social safety numbers, monetary data, or affected person data was included.
“On June 6, 2024, an unknown third social gathering impersonated an organization worker to compromise their enterprise credentials and achieve entry to sure enterprise techniques,” the submitting acknowledged. “We detected the incident inside 12 hours and instantly launched an inside investigation to terminate the unauthorized entry, remediate affected techniques and verify if any buyer information was impacted.”
RansomHub, the identify of a comparatively new ransomware group, has taken credit for the assault, which it stated yielded greater than 10GB of buyer information. RansomHub emerged earlier this yr as a rebranded model of a gaggle often called Knight. According to safety agency Test Level, RansomHub turned essentially the most prevalent ransomware group following an international operation by regulation enforcement in Could that took down a lot of the infrastructure utilized by rival ransomware group Lockbit.
On its darkish website, RansomHub stated it was in superior levels of negotiation with Ceremony Assist officers when the corporate instantly minimize off communications. A Ceremony Assist official didn’t reply to questions despatched by e mail. Ceremony Assist has additionally declined to say if the worker account compromised within the breach was protected by multifactor authentication.
Ceremony Assist has greater than 1,700 shops in 16 states. It posted gross sales of $5.7 billion in its most up-to-date fiscal quarter, ending on June 3. The chain filed for chapter in October, largely to hunt safety from lawsuits surrounding the opioid disaster. Ceremony Assist is a defendant in a number of lawsuits stemming from a separate data breach in Could 2023. The sooner breach uncovered affected person names, dates of start, addresses, prescription information, and insurance coverage information for greater than 24,000 prospects. Ceremony Assist has beforehand reported breaches in 2015, 2017, and 2018.
