One of Dis-Chem’s third-party service providers suffered a data breach on April 28, affecting more than 3.68 million of its customers, according to a notice posted on Dis-Chem’s website on Wednesday.
It said “there is currently no indication that any personal information has been published or misused as a result of the incident. However, we cannot guarantee that this position will remain the same in future.”
The JSE-listed pharmacy retail and healthcare group said it came to its attention on 1 May that an unauthorised party had managed to access the third-party database containing personal information related to the managed services offered by Dis-Chem.
Dis-Chem said it immediately launched an investigation into the matter and ensured that the appropriate steps were taken to prevent any further incidents.
The investigation found that the hackers accessed the first names and surnames, email addresses and cellphone numbers of the affected data subjects.
“The unauthorised party may use the information to commit further criminal activities, such as phishing attacks, email compromises, social engineering and/or impersonation attempts,” Dis-Chem said.
It said the operator has deployed additional safeguards to ensure the security of the information on the database.
“We are not aware of any actual misuse or publication of personal information from the personal information that may have been acquired. We are, however, continuing, with the assistance of external specialists, to undertake web monitoring (including the dark web) for any publication of personal information relating to the incident.”