Rite Aid is the wrong aid

Dan Goodin, writing for Ars Technica:

Rite Aid, the third biggest US drug store chain, said that more than 2.2 million of its customers have been swept into a data breach that stole personal information, including driver’s license numbers, addresses, and dates of birth.

But seriously, who would want to shop at Rite Aid? Five breaches in 10 years where the information of their customers has been stolen!

Rite Aid is a defendant in several lawsuits stemming from a separate data breach in May 2023. The earlier breach exposed patient names, dates of birth, addresses, prescription data, and insurance data for more than 24,000 customers. Rite Aid has previously reported breaches in 2015, 2017, and 2018.

They obviously have a cultural challenge which has them pay little to no attention to information security. The directors should be on the hook for their continued malfeasance. It’s unfathomable that it continues to happen and if I was in their technology department, I’d be supremely embarrassed. They are incompetent or negligent. Either way, it’s on the board and senior leaders to fix it.

I guess they could file for bankruptcy. Again.