Rite Aid said that once it was told about the exploit, it installed and updated its systems as well as the provider’s software. In the process, Rite Aid discovered that, on May 27, the “third party” managed to access files containing personal customer information.
Customer information in the files included:
- Patient First and Last Name
- Date of Birth
- Address
- Prescription Information
- Limited Insurance Information
- Cardholder ID
- Plan Name
Social Security numbers and credit card numbers were not accessed in the breach, according to Rite Aid.