Whether you are shopping online or in person, your data can fall into the hands of hackers through no fault of your own. As an example, U.S. pharmacy Rite Aid revealed last month that it suffered a data breach in which the personal information of 2.2 million customers was stolen by hackers.

As reported by BleepingComputer, the drugstore chain detected a “data security incident” early last month in which personal data, not financial data like Social Security numbers or credit card information, was stolen from its system.

But now, in a data breach notification filed with the Maine Attorney General's Office, Rite Aid explains that the incident was first detected on June 6, 12 hours after hackers broke into its network. They did this using employee credentials.

As a result, the hackers in question stole full names, addresses, dates of birth, driver's license numbers, or other government-issued identities used for purchases made between June 6, 2017 and July 30, 2018.

Below is everything you need to know about this new data breach, along with some steps you can take if your personal information was stolen during the attack on Rite Aid's system.

Rite Aid has yet to reveal which hacker group was behind the June attack. However, a ransomware group named RansomHub has claimed responsibility in a posting on a dark web leak site.

In the post, the RansomHub hackers explain that they “obtained more than 10 GB of customer information, equivalent to about 45 million lines of personal data. They then went on to detail what personal information was stolen in the attack on the drugstore chain.

Typically, in a ransomware attack, hackers gain access to a company's systems and lock them until a ransom is paid to unlock them. However, RansomHub's approach is slightly different. Instead of locking down a company's systems, the ransomware gang steals as much data as they can get their hands on and holds this stolen data hostage.

However, when Rite Aid called off negotiations with RansomHub, the hackers shared screenshots showing the data in their possession on data leak sites as proof. They also stated that this data would be leaked within two weeks unless Rite Aid decided to pay them.

Earlier this year, the ransomware group claimed responsibility for hacking U.S. telecommunications company Frontier Communications in April, making Rite Aid the second RansomHub target.

If you shopped at Rite Aid between June 2017 and July 2018, your personal information could be in the hands of hackers and could even end up online, as RansomHub often auctions off stolen data to the highest bidder on the dark web. There is a possibility.

Fortunately, however, the drugstore chain has announced that it will offer its crawl identity monitoring service for free. The company has a team of licensed private investigators who can answer questions and provide steps that data breach victims can take to keep their personal information safe. Unlike the best identity theft protection services, however, Kroll does not appear to offer identity theft insurance to help victims recover lost assets or wages. Still, this is better than what other companies offer.

Affected Rite Aid customers will likely receive an email or perhaps a letter in their mailbox informing them how to sign up for Kroll's identity monitoring and other steps they can take to stay safe after this breach.

At the same time, we want to closely monitor our online accounts and bank accounts for fraudulent or suspicious activity. We also want to be aware of targeted phishing attacks that could be used to spread dangerous malware. The best antivirus software can help you detect malware that hackers might try to send to you via email with malicious attachments.

We will likely learn more about this latest data breach once Rite Aid and law enforcement conduct a full investigation into the matter.