Wednesday, 11 May 2022 15:24

Over 3.6m records of customers exposed in Dis-Chem cyber attack.

By Lehlohonolo Lehana.

JSE-listed pharmacy retail and healthcare group Dis-Chem has issued a notice on its website alerting customers that one of its third-party service providers suffered a data compromise on Thursday April 28, affecting 3.68 million of its customers.

Dis-Chem says an investigation of the breach – which it became aware of on May 1 – revealed that hackers were able to gain access to the names, email addresses and cellphone numbers of the affected customers.

"Upon being made aware of the incident, we immediately commenced an investigation into the matter and to ensure that the appropriate steps were taken to prevent any further incidents," the group points out.

"Based on the categories of personal information impacted, there is a possibility that any impacted personal information may be used by the unauthorised party to commit further criminal activities, such as phishing attacks, emails compromises, social engineering and/or impersonation attempts," the notice reads.

Dis-Chem further noted that in such cases hackers can cross-reference the compromised information with data stolen in other cyber attacks, forming part of an elaborate criminal scheme.

In its notice the group did not mention the third-party service provider that was hit by the cyber attack.

In mid-March, credit bureau TransUnion South Africa suffered a massive cyber attack which saw a hacker group calling itself N4aughtysecTU accessing various client information like credit scores, banking details and ID numbers of at least 54 million clients.

Dis-Chem says the affected third-party service provider has made use of additional safeguards to strengthen security and prevent further breaches.

However, Dis-Chem urges customers to remain cautious and recommends the following:

  • Do not click on any suspicious links.
  • Refrain from disclosing any passwords or PINs via email, text or social media platforms.
  • Change your passwords often and ensure there is complexity in the configuration (i.e. with the use of special characters).
  • Ensure regular anti-virus and malware scans are performed on any electronic devices and check software is up to date.
  • Only provide personal information when there is a legitimate reason to do so.

The group adds that it has employed the assistance of specialists who will monitor the web and dark web to detect the publication of the data stolen by the hackers.