Pharmacy giant Rite Aid receives online paystubs, W-2s, and self-service applications from Equifax. In early March, Equifax notified Rite Aid that it had detected suspicious activity on some Rite Aid employee accounts. Equifax’s investigation resulted in a subsequent notification to Rite Aid on April 30 that an employee had misused their privileged access to reset those accounts and access personal information including name, address, telephone number, Social Security number, and payroll information.
The improper access occurred between January and February 2015.
In response to the incident, Equifax terminated the employee’s employment, and forced a password reset for affected accounts. They also offered those affected a year of complimentary services with Equifax’s own product, ID Patrol.