Rite Aid Faces Lawsuit Over Alleged Data Breach, Plaintiffs Seek Compensation

Kevin Salzman, Esq.
Reporter and Licensed Attorney
Published
September 12, 2023 10:05 AM
Updated
September 12, 2023
Rite Aid Faces Lawsuit Over Alleged Data Breach, Plaintiffs Seek Compensation

In a lawsuit filed on behalf of Betty Gregory and potentially thousands of others, Rite Aid Corporation is facing serious accusations of negligence and violation of federal and state data security and privacy statutes. The case, lodged in the United States District Court, Eastern District of Pennsylvania, stems from a data breach that allegedly exposed the sensitive personal information of Rite Aid customers.


The story begins with a seemingly innocuous transaction. Like countless others, Betty Gregory trusted Rite Aid with her personal and health information. However, she and an estimated 24,000 others found themselves victims of a data breach that exposed their names, dates of birth, addresses, prescription information, and health insurance details. The lawsuit alleges that Rite Aid failed to secure and safeguard this sensitive information appropriately, resulting in the breach.


"Rite Aid's investigation revealed that certain company files had been accessed by an unknown party," the complaint reads. This breach, the lawsuit contends, was a direct result of Rite Aid's "negligent and/or careless acts and omissions."


The case centers on allegations of negligence and violation of federal and state statutes. In legal terms, negligence involves failing to exercise the care that a reasonably prudent person would exercise in similar circumstances. In this case, the plaintiffs argue that Rite Aid failed in its duty to protect customer data.


The alleged violation of federal and state statutes is another significant aspect of the case. These include laws such as the Health Insurance Portability and Accountability Act (HIPAA), which sets national standards for securing electronically protected health information.


The consequences of this alleged breach are far-reaching. The plaintiffs argue that the compromised data is highly valuable for identity theft, a crime that can have long-lasting impacts on victims. They seek compensation for invasion of privacy, loss of benefit of the bargain, time spent remedying harms, lost opportunity costs, and the continued risk to their private information.


"The data breach involved a significant number of individuals (approximately 24,000), and the compromised information is highly valuable for identity theft," the complaint states. This highlights the scale of the alleged breach and the potential damages that could be awarded if the lawsuit is successful.


The case is a stark reminder of the importance of data security in an increasingly digital world. As consumers, we entrust companies with our most sensitive information and expect them to safeguard it. When they fail to do so, the consequences can be severe, both for the individuals affected and for the companies themselves.


As the case progresses, it will be interesting to see how the courts interpret the laws related to data security and privacy and whether Rite Aid is found to have violated these laws. The outcome could have significant implications for other companies in similar situations, potentially leading to increased scrutiny of data security practices and stronger protections for consumer data.

Category
Data Breach
Case number
2:23-cv-03473
Defendant
Rite Aid Corporation
Date Filed
September 6, 2023
Jurisdiction
U.S. District Courts
Court
Pennsylvania Eastern District
State
Pennsylvania
CTA Image
CTA Image
CTA Image
CTA Image
CTA Image
CTA Image
CTA Image
CTA Image
CTA Image