Dis-Chem has had a database that was created by a third-party service provider breached and over three million customer accounts were improperly accessed.

The incident was brought to Dis-Chem’s attention on 1st May, but the breach appears to have taken place on or about 28th April. While Dis-Chem acknowledges that the information in the database was accessed by an unauthorised party, it goes on to say that it has no indication that any of the data was stolen or published elsewhere.

“Please note there is currently no indication that any personal information has been published or misused as a result of the incident. We stress that no identification numbers, medical, financial or banking information was contained in this database. However, we cannot guarantee that this position will remain the same in future. Therefore, out of an abundance of caution, we are providing information about the incident as well as the remedial action taken to mitigate against any further adverse consequences of the incident,” the pharmacy franchise wrote in a customer notice.

In total, 3 687 881 data subjects had information accessed with that information including:

• First name and surname,
• Email Address,
• Cellphone number.

As Dis-Chem points out, this data can be used to launch other attacks such as spear-phishing attacks so it’s important to remain vigilant.

Should you be a Dis-Chem customer we recommend you keep an eye trained on your email inbox for updates.

Dis-Chem has said that it is working with external specialists to monitor the web for indications that the information that was accessed has been published.

For customers who have concerns, the pharmacy franchise points to the email address careline[at]dischem.co.za as a point of contact.