Millions of people have had their personal information compromised due to a significant data breach at a major corporation. On August 6, 2024, Jimmie Ray Hale, Jr. filed a class action complaint against Rite Aid Corporation in the United States District Court for the Eastern District of Pennsylvania.
The lawsuit alleges that Rite Aid failed to secure and safeguard the personally identifiable information (PII) of approximately 2.2 million individuals. According to the complaint, on June 6, 2024, an unknown third party impersonated a company employee to gain access to Rite Aid's business systems. This breach allowed unauthorized access to sensitive customer data including names, addresses, dates of birth, and government-issued identification numbers. The plaintiff claims that Rite Aid was aware of the breach within 12 hours but delayed notifying affected individuals until July.
Plaintiff Jimmie Ray Hale, Jr., a resident of Apple Valley, California, asserts that his PII was among the data compromised during the breach. He describes spending considerable time verifying the legitimacy of the notice he received from Rite Aid and monitoring his financial accounts for fraudulent activity. Despite these efforts, Hale argues that the harm caused by the breach cannot be undone and that both he and other class members face an increased risk of identity theft and fraud due to their PII being in unauthorized hands.
The complaint accuses Rite Aid of failing to implement adequate security measures despite knowing the risks associated with storing sensitive personal information. It also highlights that this is not the first time Rite Aid has been targeted by cybercriminals; another attack occurred less than a year earlier in July 2023. The lawsuit contends that Rite Aid violated several laws including Section 5 of the Federal Trade Commission Act by not employing reasonable measures to protect consumer data.
The plaintiffs are seeking various forms of relief from the court including statutory damages under California's Consumer Privacy Act (CCPA), actual damages exceeding statutory amounts if applicable, injunctive relief to prevent future breaches, and any other relief deemed appropriate by the court.
Representing Jimmie Ray Hale Jr., attorneys are pressing for accountability and better protection measures from Rite Aid Corporation. The case is being overseen by judges at the United States District Court for the Eastern District of Pennsylvania under Case No. 2:24-cv-3885.