Bleeping Computer has reported that Rite Aid has disclosed a data breach affecting 2.2 million individuals.

According to the report, Rite Aid stated in its filing with the Maine Attorney General that “We determined by June 17, 2024, that certain data associated with the purchase or attempted purchase of specific retail products was acquired by [an] unknown third party.

This data included purchaser name, address, date of birth and driver’s license number or other form of government-issued ID presented at the time of a purchase between June 6, 2017, and July 30, 2018.” Customers’ Social Security numbers, financial information, or health information were not exposed in the incident.

Rite Aid is notifying affected individuals. If you are a recipient of the notification letter, the letter will provide instructions on next steps.