A cyberattack on Rite Aid last year exposed the personal information of over 2 million customers. Now, those affected can receive Rite Aid Data Breach Settlement compensation through a $6.8 million class-action settlement. The breach occurred when hackers infiltrated the pharmacy chain’s systems, accessing sensitive customer data including names, addresses, birth dates, and driver’s license numbers.
The settlement represents one of the larger retail data breach payouts in recent years. Customers who shopped at Rite Aid between June 2017 and July 2018 may be entitled to compensation, with some eligible for payments as high as $10,000. The final approval hearing is scheduled for July 17, 2025, but affected customers must act quickly to file their claims.
Understanding your rights and the compensation process is crucial if you believe your information was compromised. This guide breaks down everything you need to know about the Rite Aid settlement, from eligibility requirements to filing procedures.
What Happened in the Rite Aid Data Breach
On June 6, 2024, hackers from the ransomware group RansomHub successfully penetrated Rite Aid’s computer systems.
Although the pharmacy chain shut down the unauthorized access within 12 hours, the damage was already done.
The attackers had extracted personal information belonging to 2.2 million customers who made purchases between June 6, 2017, and July 30, 2018.
The compromised data included full names, home addresses, dates of birth, and driver’s license numbers. Rite Aid emphasized that Social Security numbers, financial information, and patient medical records were not affected by the breach.
However, the exposed information was still sufficient to put customers at risk for identity theft and fraud.
Rite Aid didn’t notify affected customers until several weeks after discovering the breach, in July 2024. The company offered free credit monitoring and identity theft protection services for 12 months as part of their response.
Many customers felt this response was inadequate, leading to multiple lawsuits that were later consolidated into a single class-action case.
The breach came at a particularly challenging time for Rite Aid, which had been struggling financially and filed for bankruptcy in October 2023. The company has since closed over 700 locations as part of its restructuring efforts.
Understanding the Class-Action Lawsuit
The consolidated lawsuit, known as Bianucci v. Rite Aid Corporation, claimed that the pharmacy chain failed to implement adequate cybersecurity measures to protect customer information.
Plaintiffs argued that the breach was foreseeable, especially given that Rite Aid had experienced a similar cyberattack in 2023 and operates within the healthcare industry, which is frequently targeted by cybercriminals.
The lawsuit alleged that Rite Aid’s inadequate security practices directly led to the breach and subsequent exposure of customer data.
Plaintiffs sought compensation for potential damages, including the cost of credit monitoring services, time spent addressing identity theft concerns, and the increased risk of future fraudulent activity.
Rite Aid denied any wrongdoing throughout the legal proceedings. The company maintained that it agreed to settle the case to avoid the time, expense, and uncertainty of prolonged litigation.
The U.S. District Court for the Eastern District of Pennsylvania granted preliminary approval for the $6.8 million settlement in March 2025.
Who Qualifies for Settlement Payments
Rite Aid customers whose personal information was compromised or potentially compromised in the June 2024 data breach are eligible to participate in the settlement.
Specifically, this includes customers who made purchases at Rite Aid locations between June 6, 2017, and July 30, 2018.
Most eligible customers should have received a data breach notification directly from Rite Aid. If you believe you were affected by the breach but didn’t receive a notice, you can contact the Settlement Administrator by calling 833-421-7672 or through their online contact form.
To be part of the settlement class, you must have been a Rite Aid customer in the United States during the specified time period.
The settlement covers all eligible customers regardless of whether they experienced actual financial losses or identity theft as a result of the breach.
Customers who wish to exclude themselves from the settlement to pursue individual legal action must do so by June 6, 2025.
Those who remain in the settlement class will be bound by the terms of the agreement and cannot file separate lawsuits against Rite Aid for the same data breach.
Settlement Payment Amounts and Requirements
The $6.8 million settlement fund will be distributed among eligible class members, with payment amounts varying based on whether you can document actual losses related to the data breach.
The settlement creates two categories of payments: documented loss payments and general cash payments.
Documented Loss Payments
If you can prove you incurred expenses directly related to the Rite Aid data breach, you may be eligible for reimbursement of up to $10,000. Acceptable documentation includes:
- Bank or credit card statements showing unauthorized charges
- Receipts for professional services related to identity theft resolution
- Receipts for credit monitoring or identity protection services purchased after June 6, 2024
- Documentation of other out-of-pocket expenses directly related to the breach
The documentation must clearly demonstrate that your expenses were connected to the Rite Aid data breach. General identity protection services purchased before the breach occurred would not qualify for reimbursement.
General Cash Payments
Even without documentation of specific losses, eligible customers can still receive a flat cash payment. However, these payments will only be distributed after all valid documented loss claims are paid.
The amount of general cash payments will depend on how much money remains in the settlement fund and the total number of valid claims submitted.
After attorneys’ fees, administrative costs, taxes, and special awards to class representatives are deducted from the settlement fund, the remaining money will be divided among eligible claimants.
This means the exact amount of general cash payments won’t be determined until after the claims process is complete.
How to File Your Claim
Filing a settlement claim is straightforward, but you must meet the July 7, 2025 deadline. You have two options for submitting your claim:
Online Submission
Visit the official Rite Aid settlement website at riteaiddatasettlement.com to file your claim electronically.
The online portal allows you to upload supporting documentation for documented loss claims and provides immediate confirmation of your submission.
Mail Submission
Download the PDF claim form from the settlement website and mail it to:
Rite Aid Data Breach Settlement Administrator
c/o Kroll Settlement Administration LLC
P.O. Box 225391
New York, NY 10150-5391
Whether you file online or by mail, make sure to include all relevant documentation if you’re seeking reimbursement for documented losses. Keep copies of everything you submit for your records.
The settlement administrator will review all claims to verify eligibility and documentation. If there are issues with your claim, they may contact you for additional information before the final approval hearing.
Timeline for Settlement Payments
The settlement process follows a specific timeline with several key dates:
- June 6, 2025: Deadline to object to the settlement or exclude yourself from the class
- July 7, 2025: Deadline to submit settlement claims
- July 17, 2025: Final approval hearing
Assuming the court grants final approval at the July hearing, settlement payments should be distributed within 30 days. However, payments may be delayed if there are appeals or legal challenges to the settlement.
The settlement administrator will issue payments via check or electronic transfer, depending on the payment method you specify in your claim form. Make sure to update your contact information if you move before payments are distributed.
Protecting Yourself After a Data Breach
While the Rite Aid settlement provides some compensation for affected customers, it’s important to take proactive steps to protect yourself from identity theft and fraud.
Data breaches have become increasingly common, with the Federal Trade Commission receiving over 1.1 million identity theft reports in 2024 alone.
Monitor Your Credit Reports
Regularly check your credit reports from all three major credit bureaus (Experian, Equifax, and TransUnion) for suspicious activity.
You’re entitled to free credit reports annually from each bureau through annualcreditreport.com. Consider setting up fraud alerts or credit freezes if you’re particularly concerned about identity theft.
Consider Identity Protection Services
Identity theft protection services monitor the internet and dark web for your personal information, alerting you to potential misuse before it becomes a major problem.
Many services also include identity theft insurance that covers legal fees, lost wages, and other expenses related to identity restoration.
Use Strong, Unique Passwords
Implement strong, unique passwords for all your online accounts, especially those containing financial or personal information.
Password managers can help you generate and store complex passwords securely, reducing the risk of account breaches.
Stay Alert to Scams
Be cautious of phishing emails, text messages, or phone calls that request personal information. Legitimate companies rarely ask for sensitive information through unsolicited communications. When in doubt, contact the company directly using official contact information.
Frequently Asked Questions
Can I still file a claim if I didn’t receive a breach notification?
Yes, you can still file a claim even if you didn’t receive a notification from Rite Aid. Contact the Settlement Administrator at 833-421-7672 to verify your eligibility and receive instructions for filing your claim.
What if I can’t find receipts for my documented losses?
If you don’t have original receipts, try to obtain copies from your bank, credit card company, or service provider. Bank statements showing charges for credit monitoring services or identity protection may be acceptable documentation.
Will I have to pay taxes on my settlement payment?
Settlement payments may be considered taxable income depending on your specific circumstances. Consult with a tax professional if you have questions about the tax implications of your settlement payment.
Can I file a claim on behalf of a deceased family member?
If a deceased family member was affected by the breach, their estate may be eligible to file a claim. Contact the Settlement Administrator for specific guidance on filing claims for deceased individuals.
Taking Action to Secure Your Settlement Payment!
The Rite Aid data breach settlement offers meaningful compensation for customers whose personal information was compromised.
While no amount of money can completely undo the potential risks associated with having your data stolen, this settlement provides some measure of justice and financial relief.
Don’t wait until the last minute to file your claim. Gather any documentation of losses related to the breach, visit riteaiddatasettlement.com, and submit your claim form before the July 7, 2025 deadline.
Even if you don’t have documentation of specific losses, you’re still eligible for a general cash payment from the settlement fund.
Remember that this settlement is just one step in protecting yourself from the ongoing risks of identity theft.
Consider implementing additional security measures and staying vigilant about monitoring your personal information to safeguard against future breaches and fraud attempts!