Rite Aid Will Pay Almost $7 Million in 2024 Data Breach Settlement
The U.S. District Court for Eastern Pennsylvania Tuesday approved a $6.8 million settlement between Rite Aid and class-action plaintiffs in a data-breach case where the drugstore chain exposed the personally identifiable information (PII) of more than 2 million people in 2024.
Sign up for a free preview to unlock the rest of this article
Judge Harvey Bartle found that the settlement was “fair, reasonable, and adequate, and falls within the range of possible approval."
Case 24-03356 began in July 2024 when plaintiff Margaret Bianucci filed a complaint against Rite Aid, alleging that it failed to secure the PII, including driver’s license numbers, of herself and 2.2 million other individuals during a cyberattack in June 2024. The data breach was a result of Rite Aid’s lack of adequate cybersecurity procedures and protocols, Bianucci said in the complaint. Moreover, the complaint alleged Rite Aid provided little information to affected customers concerning the details of the breach and what steps it took to prevent future attacks.