Security 17.01.2025

Pick n Pay customer information exposed in data leak

Claim Expert, the company Pick n Pay used to offer its licence disc renewal service from January 2022 until mid-2023, has suffered a data leak that exposed the personal information of over 100,000 customers.

The leak contains names and surnames, ID numbers, cellphone numbers, and email addresses.

Word of a potential breach began circulating online after a ransomware gang called Bashe posted on its data leak site on the dark web that it planned to dump a database with 105,383 lines belonging to Pick n Pay.

It had given the South African retail giant until the morning of 14 January 2025 to pay up.

However, when the clock ran out and Bashe released the data, it turned out that the database belonged to Claim Expert, not Pick n Pay.

According to SOCRadar and The Moloch, Bashe is a ransomware group that was first identified in April 2024 and was formerly known as Eraleig and APT73.

Both reports speculate that Bashe is a spin-off from the LockBit ransomware group.

It is unclear whether Bashe was the threat actor that originally discovered the exposed data, or if they found it elsewhere on the Internet and were trying their luck to extort Pick n Pay.

A MyBroadband reader said that Claim Expert contacted them in July last year to inform them about a “potential information security incident.”

According to Claim Expert, the incident happened on 18 July 2024.

“A file containing personal identifiable information was mistakenly exposed online,” the company stated.

“Out of caution, we believe some of the data on the file may have been accessed. We are notifying you now so you know about the actions that we are taking and can take proactive measures to protect your information.”

Claim Expert said it reported the incident to the Information Regulator and is cooperating with authorities.

“Our top priority is to determine the scope of the issue, secure our systems, and prevent future risks,” it said.

The company said it took several steps to address the incident, including taking the affected servers offline, strengthening access controls, deploying enhanced threat detection tools, and monitoring the Internet and dark web for any exposed information.

It is unclear whether Claim Expert has alerted customers about the fact that their data has been further exposed on the dark web.

Claim Expert said in its July email that the full impact of the incident was still under investigation.

It advised impacted customers to place a fraud alert on their credit report with major credit bureaus such as Experian, XDS, TransUnion, Vericred, and the Consumer Profile Bureau.

Customers could also get a Protective Registration from the Southern African Fraud Prevention Service.

“Be cautious of suspicious e-mails, calls, texts, or faxes asking for personal information. Verify any requests before responding,” Claim Expert said.

“Avoid clicking links or opening attachments in emails where you are not familiar with the person sending you the email.”

It also advised that customers use strong, unique passwords and that they change them regularly.

Customers should also keep their devices up to date with antivirus and anti-malware software, and scan them regularly, said Claim Expert.

MyBroadband contacted Pick n Pay and Claim Expert for comment, but neither had provided feedback by the time of publication.

Following publication, Pick n Pay provided a statement:

Pick n Pay has in no way experienced any data breach or ransomware attack. Our platforms remain fully operational. We take data security very seriously. Our IT team reviewed these claims and found they relate to a former service provider’s data breach dating back to July 2024.

We stopped working with the third-party service provider more than a year before that — in March 2023 — for commercial reasons. Pick n Pay did not share data with the former service provider and any customer using their service provided their own information directly to the service provider via their independent platform.
