Dis-Chem suffers data breach, personal info of 3.6 million people affected

The pharmacy retailer Dis-Chem has confirmed an unauthorised access to a database containing the personal data of more than 3.6-million people which could be used for criminal activities, such as phishing attacks.

The stolen information includes:

Full names,
Email addresses,
Phone numbers.

The company said the data breach was brought to its attention on May 1:

After investigating a suspected data compromise suffered by one of our third party service providers and operators, we hereby confirm ... that certain personal information was accessed by an unauthorised person on or about April 28.

We immediately commenced an investigation into the matter and to ensure that the appropriate steps were taken to prevent any further incidents.

Dis-Chemexplained it had contracted a third party service provider and operator for “certain managed services”. The operator then developed a database for Dis-Chem which contained categories of personal information necessary for the services offered by Dis-Chem.

Upon being made aware of the incident, we immediately commenced an investigation into the matter and to ensure that the appropriate steps were taken to prevent any further incidents. Our investigation has revealed that the incident affected a total of 3,687,881 data subjects.

The other day, healthcare technology firm Omnicell reported in a filing with the United States Securities and Exchange Commission (SEC) that it recently became a victim of a ransomware attack.