Avatar photo

By Faizel Patel

Senior Journalist


Dis-Chem investigating after hackers access people’s personal information

Dis-Chem said based on the categories of personal information impacted, there may be further criminal activities


Pharmacy retailer Dis-Chem says it has taken the necessary measures to investigate a data breach of 3.6 million people’s personal information.

In a statement, Dis-Chem confirmed there is currently no indication that any personal information has been published or misused as a result of the hack.

“We stress that no identification numbers, medical, financial or banking information was contained in this database. However, we cannot guarantee that this position will remain the same in future.”

Dis-Chem said it was made aware of the breach on 1 May by a contracted third-party service provider and operator for certain managed services.

“It was brought to our attention that an unauthorised party had managed to gain access to the contents of the database. Upon being made aware of the incident, we immediately commenced an investigation into the matter and to ensure that the appropriate steps were taken to prevent any further incidents.”

“Our investigation has revealed that the incident affected a total of 3 687 881 data subjects and that the following personal information was accessed,” Dis-Chem said.

Dis-chem said based on the categories of personal information impacted, there may be further criminal activities.

“There is a possibility that any impacted personal information may be used by the unauthorised party to commit further criminal activities, such as phishing attacks, emails compromises, social engineering and/or impersonation attempts.”

ALSO READ: Hackers with access to 54 million personal records demand R224m ransom from TransUnion SA

Dis-Chem added that while investigations into the incident are still ongoing, the operator has confirmed it has deployed additional safeguards to ensure protection and security of information on the database.

In March, credit reporting agency TransUnion South Africa also had a data breach, with the hackers claiming they had accessed 54 million personal records of South Africans.

TransUnion South Africa said its server was accessed by a “criminal third party”.

The hacker group reportedly gained access to four terabytes of data and is demanding a ransom of $15 million (about R223 million).

ALSO READ: Tips and advice to keep your devices from being hacked

For more news your way

Download our app and read this and other great stories on the move. Available for Android and iOS.