Rihem Akkouche reports:
In a dramatic legal turn, Rite Aid has consented to a $6.8 million settlement to resolve class action allegations that it failed to prevent a cyberattack compromising the sensitive information of over 2 million customers. The settlement, preliminarily approved by U.S. District Judge Harvey Bartle III on Tuesday, allows claimants to receive up to $10,000 for documented losses stemming from the breach, according to a court filing in Pennsylvania.
[…]
The breach, which resulted from an unknown third party impersonating a Rite Aid employee, granted the attackers access to certain business systems. According to the company’s security incident notice, Rite Aid detected the breach within 12 hours and swiftly launched an internal probe. However, the stolen data included deeply personal details—names, addresses, birth dates, and even government-issued identification documents—linked to purchases made between June 6, 2017, and July 30, 2018.
Read more at USA Herald.