Major Dis-Chem data hack could affect up to 3.6-million customers
The information includes first names and surnames, email addresses and cellphone numbers
12 May 2022 - 12:03
by Staff Writer
Dis-Chem has confirmed an “unauthorised party” gained access to a database containing the personal information of more than 3.6-million people, which could be used for criminal activities, such as phishing attacks.
The information includes first names and surnames, email addresses and cellphone numbers.
“After investigating a suspected data compromise suffered by one of our third party service providers and operators, we hereby confirm ... that certain personal information was accessed by an unauthorised person on or about April 28,” the pharmacy retailer said in a statement.
Dis-Chem said the data breach was brought to its attention on May 1. “We immediately commenced an investigation into the matter and to ensure that the appropriate steps were taken to prevent any further incidents.”
The retailer explained it had contracted a third-party service provider and operator for “certain managed services”. The operator then developed a database for Dis-Chem, which contained categories of personal information necessary for the services offered by Dis-Chem.
“Upon being made aware of the incident, we immediately commenced an investigation into the matter and to ensure that the appropriate steps were taken to prevent any further incidents. Our investigation has revealed that the incident affected a total of 3,687,881 data subjects.” Names, email addresses and cellphone numbers were compromised.
“Please note there is currently no indication that any personal information has been published or misused as a result of the incident. We stress that no identification numbers, medical, financial or banking information was contained in this database. However, we cannot guarantee that this position will remain the same in future. Therefore, out of an abundance of caution, we are providing information about the incident as well as the remedial action taken to mitigate against any further adverse consequences of the incident.”
However, the retailer cautioned: “Based on the categories of personal information impacted, there is a possibility that any impacted personal information may be used by the unauthorised party to commit further criminal activities, such as phishing attacks, email compromises, social engineering and/or impersonation attempts. For example, it may be cross-referenced with information compromised in other third party cyber incidents, for the further perpetration of crime against data subjects.”
“While investigations into the incident are still ongoing, the operator has confirmed it has deployed additional safeguards in order to ensure protection and security of information on the database. These safeguards include, but are not limited to, enhanced access management protocols to the database,” said the retailer.
“We are not aware of any actual misuse or publication of personal information from the personal information that may have been acquired. We are, however, continuing, with the assistance of external specialists, to undertake web monitoring [including the dark web] for any publication of personal information relating to the incident.”
TimesLIVE
Published by Arena Holdings and distributed with the Financial Mail on the last Thursday of every month except December and January.