Dis-Chem Pharmacies has revealed that nearly 3.7 million of its clients’ records were compromised during an incident involving a third-party service provider.
The pharmacy group explained that it had a contract with the third-party service provider and operator to develop a database that contained personal information necessary for the services offered by Dis-Chem.
It has not named the third party.
“It was brought to our attention on 1 May 2022, that an unauthorised party had managed to gain access to the contents of the database,” Dis-Chem said in a statement.
“Upon being made aware of the incident, we immediately commenced an investigation into the matter and to ensure that the appropriate steps were taken to prevent any further incidents,” it added.
The personal data compromised includes nearly 3.7 million Dis-Chem customer records and contains:
- First and surnames
- E-mail addresses
- Cellphone numbers
Dis-Chem said there is a possibility that the unauthorised party could use the impacted personal information for further criminal activities like phishing attacks and e-mail scams.
Investigations into the incident are still ongoing, but the third-party operator has deployed additional safeguards — including enhanced access management protocols — to secure the information on the database.
Dis-Chem said it is not aware of any actual misuse or publication of personal information that may have been acquired.
“We are, however, continuing with the assistance of external specialists to undertake web monitoring (including the dark web) for any publication of personal information relating to the incident,” it added.