Dis-Chem flags data hack
JSE-listed pharmacy retail and healthcare group Dis-Chem has issued a notice on its website alerting customers that one of its third-party service providers suffered a data compromise on 28 April, affecting 3.68 million of its customers.
Dis-Chem says an investigation of the breach – which it became aware of on 1 May – revealed that hackers were able to gain access to the names, e-mail addresses and cellphone numbers of the affected customers.
“Upon being made aware of the incident, we immediately commenced an investigation into the matter and to ensure that the appropriate steps were taken to prevent any further incidents,” the group said.
The retailer assured customers that there is currently no indication that their information has been published or used by the hackers. However, it did also warn that this might not be the case for long.
“Based on the categories of personal information impacted, there is a possibility that any impacted personal information may be used by the unauthorised party to commit further criminal activities, such as phishing attacks, e-mails compromises, social engineering and/or impersonation attempts,” the notice read.
Dis-Chem further noted that in such cases hackers can cross-reference the compromised information with data stolen in other cyber-attacks, forming part of an elaborate criminal scheme.
In its notice the group did not mention the third-party service provider that was hit by the cyber-attack.
In mid-March, credit bureau Trans Union South Africa suffered a massive cyber-attack, which saw a hacker group calling itself N4aughtysec TU accessing various client information like credit scores, banking details and ID numbers.
In this incident, hackers demanded Trans Union to pay a $15 million ransom in bitcoin – about R220 million – to prevent the leaking of the sensitive information. However, Trans Union refused to do so.
The newly established Information Regulator (South Africa) says while it is still investigating the cyber-attack on Trans Union, attacks on personal information have been on the rise.
Meanwhile, Dis-Chem says the affected third-party service provider has made of use of additional safeguards to strengthen security and prevent further breaches.
The group adds that it has employed the assistance of specialists who will monitor the web and dark web to detect the publication of the data stolen by the hackers.