Pharmaceutical distributor Dis-Chem says it has taken the necessary steps to investigate a personal data breach of 3.6 million people.
In a statement, Dis-Chem confirmed that there are currently no indications that any personal information was released or misused as a result of the hack.
“We emphasize that no identification number, medical, financial or banking information was included in this database. However, we cannot guarantee that this position will remain the same in the future.
Dis-Chem said it was notified of the breach on May 1 by a contracted third-party service provider and operator for certain managed services.
“It has come to our attention that an unauthorized party has gained access to the contents of the database. As soon as we were informed of the incident, we immediately opened an investigation into the matter and ensured that the appropriate measures were taken to prevent any further incidents.
“Our investigation revealed that the incident affected a total of 3,687,881 data subjects and the following personal information was accessed,” Dis-Chem said.
Dis-chem said that depending on the categories of personal information involved, there could be further criminal activity.
“It is possible that any personal information affected could be used by the unauthorized party to commit other criminal activities, such as phishing attacks, email compromises, social engineering attempts and/or ‘identity theft.”
ALSO READ: Hackers with access to 54 million personal records demand R224 million ransom from TransUnion SA
Dis-Chem added that while investigations into the incident are still ongoing, the operator confirmed that it has deployed additional safeguards to ensure the protection and security of information on the database.
In March, credit reporting agency TransUnion South Africa also had a data breach, with hackers claiming to have accessed 54 million personal records of South Africans.
TransUnion South Africa said its server was accessed by a “criminal third party”.
The hacker group is said to have had access to four terabytes of data and is demanding a ransom of $15 million (about R223 million).
ALSO READ: Tips and tricks to prevent your devices from being hacked