Pharmacy retailer Dis-Chem recently announced that it had been hit by a data breach affecting the personal details of 3.6 million customers.
In a statement, Dis-Chem said it was contracted with a third-party service provider and operator for certain managed services that developed a database for Dis-Chem. The database contained “certain categories of personal information necessary for the services offered by Dis-Chem,” it added.
“It was brought to our attention on 1 May 2022, that an unauthorized party had managed to gain access to the contents of the database. Upon being made aware of the incident, we immediately commenced an investigation into the matter and to ensure that the appropriate steps were taken to prevent any further incidents,” the report read.
A subsequent investigation revealed that the incident affected a total of 3,687,881 data subjects and that the following personal information was accessed: first name and surname; email addresses; and cell phone numbers.
However, Dis-Chem went on to say that the unauthorized party might use any of the impacted personal information: “Based on the categories of personal information impacted, there is a possibility that any impacted personal information may be used by the unauthorized party to commit further criminal activities, such as phishing attacks, emails compromises, social engineering and/or impersonation attempts. For example, it may be cross-referenced with information compromised in other third party cyber incidents, for the further perpetration of crime against data subjects.”
On Wednesday, the group refused to confirm any further information in response to an update.
“Dis-Chem will not be sharing anything further on the data breach,” the company said in a statement.
Dis-Chem is the second largest retail pharmacy chain in South Africa, with 165 stores, plus 4 in Namibia and 1 in Botswana