Rite Aid Data Breach
Rite Aid Pharmacy Chain Breach (2024): 12 Million Customer Records Including Driver's License Exposed via Employee Impersonation
U.S. pharmacy chain providing prescriptions, retail health products, and related services.
Risk Interpretation
Severe risk of identity theft, fraud, and privacy harm. Pharmacy and prescription context can also enable targeted health-themed scams and expose sensitive medication or care relationships.
Impact & Downstream Threats
On June 6, 2024, an attacker impersonated a Rite Aid employee to compromise business credentials and gain access to customer systems — a social engineering attack the company detected and terminated within 12 hours. RansomHub claimed responsibility and published a sample of stolen data. Rite Aid confirmed the breach affected approximately 2.2 million customers whose purchase records from June 2017 through July 2018 were exposed, including names, addresses, dates of birth, and driver's license nu
- SIM swap attacks where phone numbers are present
- Doxxing risk from physical address exposure
Breach Intelligence
Executive Summary
Rite Aid, the third-largest pharmacy chain in the United States, suffered a data breach in June 2024 after an attacker impersonated a company employee to obtain business credentials and access customer systems. The intrusion, a social engineering attack, was detected and shut down within 12 hours. The ransomware group RansomHub claimed responsibility and published a sample of the stolen data. Approximately 2.2 million customers were affected, with records drawn from purchases made between June 2017 and July 2018. The exposed data included names, home addresses, dates of birth, and driver's license numbers.
Because Rite Aid operates in a pharmacy context, affected individuals face elevated risk beyond standard identity theft. The combination of government-issued ID details and purchase history can enable targeted health-themed scams or expose sensitive care and medication relationships to bad actors.
Rite Aid began notifying affected customers in July 2024 and offered identity monitoring services. A class-action lawsuit filed in the Eastern District of Pennsylvania alleged the stolen data had been stored unencrypted and that notification was unreasonably delayed. In March 2025, Rite Aid agreed to a $6.8 million settlement. Class members may be eligible for up to $10,000 in documented losses and two years of credit monitoring.
Affected individuals should monitor their credit, watch for suspicious communications referencing health or pharmacy activity, and consider placing a fraud alert or credit freeze with the major credit bureaus.
About Rite Aid
Rite Aid is the third-largest pharmacy chain in the United States, operating retail pharmacy locations across 15 states offering prescription services, over-the-counter health products, and general merchandise. The company is headquartered in Philadelphia. It has operated under significant financial and legal pressure throughout the early 2020s, including class action exposure related to opioid dispensing practices.
Why They Hold Your Data
Pharmacy retailers collect highly sensitive customer identity, contact details, prescription and pharmacy records, payment-adjacent data, loyalty activity, and healthcare-service interactions across retail and clinical workflows.
Recent Developments
Rite Aid filed for Chapter 11 bankruptcy in October 2023, citing federal lawsuits and financial liabilities related to the opioid crisis. It closed more than 700 stores as part of the restructuring and emerged from bankruptcy in September 2024 as a private company under a reorganization plan approved by a federal judge in June 2024. The 2024 data breach occurred during this bankruptcy and restructuring period.
Data Points Exposed
Canonical Fields
drivers_license, full_name, phone_number, physical_address:home
Dark Web Verification
- Dataset containing ~12.3M records identified in breach intelligence sources
- Data indexed and searchable across breach notification platforms
- Source: rite-aid-2024
Recommended Actions
⚠️ Do not assume this is low sensitivity.
Powered by the ObscureIQ Breach Intelligence Database
© 2026 ObscureIQ · All Rights Reserved · Data Licensing
