Ceremony Support says breach exposes delicate particulars of two.2 million prospects

Ceremony Support, the third largest US drug retailer chain, stated that greater than 2.2 million of its prospects have been swept into an information breach that stole private data, together with driver’s license numbers, addresses, and dates of delivery.

The corporate stated in necessary filings with the attorneys normal of states together with Maine, Massachusetts, Vermont, and Oregon that the stolen knowledge was related to purchases or tried purchases of retail merchandise made between June 6, 2017, and July 30, 2018. The info offered included the purchaser’s title, handle, date of delivery, and driver’s license quantity or different type of government-issued ID. No social safety numbers, monetary data, or affected person data was included.

“On June 6, 2024, an unknown third social gathering impersonated an organization worker to compromise their enterprise credentials and acquire entry to sure enterprise methods,” the submitting said. “We detected the incident inside 12 hours and instantly launched an inner investigation to terminate the unauthorized entry, remediate affected methods and verify if any buyer knowledge was impacted.”

RansomHub, the title of a comparatively new ransomware group, has taken credit score for the assault, which it stated yielded greater than 10GB of buyer knowledge. RansomHub emerged earlier this 12 months as a rebranded model of a gaggle often known as Knight. In line with safety agency Examine Level, RansomHub turned probably the most prevalent ransomware group following a world operation by legislation enforcement in Could that took down a lot of the infrastructure utilized by rival ransomware group Lockbit.

On its darkish website, RansomHub stated it was in superior phases of negotiation with Ceremony Support officers when the corporate all of the sudden lower off communications. A Ceremony Support official didn’t reply to questions despatched by e-mail. Ceremony Support has additionally declined to say if the worker account compromised within the breach was protected by multifactor authentication.

Ceremony Support has greater than 1,700 shops in 16 states. It posted gross sales of $5.7 billion in its most up-to-date fiscal quarter, ending on June 3. The chain filed for chapter in October, largely to hunt safety from lawsuits surrounding the opioid disaster. Ceremony Support is a defendant in a number of lawsuits stemming from a separate knowledge breach in Could 2023. The sooner breach uncovered affected person names, dates of delivery, addresses, prescription knowledge, and insurance coverage knowledge for greater than 24,000 prospects. Ceremony Support has beforehand reported breaches in 2015, 2017, and 2018.