*This article has been corrected: it originally stated that N4aughtysecTU accessed the information of at least 54 million TransUnion clients, when in fact it was records unrelated to TransUnion from prior data breaches. We apologise for the error.
JSE-listed pharmacy retail and healthcare group Dis-Chem has issued a notice on its website alerting customers that one of its third-party service providers suffered a data compromise on Thursday April 28, affecting 3.68 million of its customers.
Dis-Chem says an investigation of the breach – which it became aware of on May 1 – revealed that hackers were able to gain access to the names, email addresses and cellphone numbers of the affected customers.
“Upon being made aware of the incident, we immediately commenced an investigation into the matter and to ensure that the appropriate steps were taken to prevent any further incidents,” the group points out.
The retailer assured customers that there is currently no indication that their information has been published or used by the hackers. However, it did also warn that this might not be the case for long.
“Based on the categories of personal information impacted, there is a possibility that any impacted personal information may be used by the unauthorised party to commit further criminal activities, such as phishing attacks, email compromises, social engineering and/or impersonation attempts,” the notice reads.
Dis-Chem further noted that in such cases hackers can cross-reference the compromised information with data stolen in other cyber attacks, forming part of an elaborate criminal scheme.
In its notice the group did not mention the third-party service provider that was hit by the cyber attack.
In mid-March, TransUnion South Africa suffered a massive cyber attack, which saw a hacker group calling itself N4aughtysecTU accessing data (like credit scores, banking details and ID numbers) allegedly obtained from TransUnion and other sources, which the credit bureau says include “at least 54 million records unrelated to TransUnion from prior data breaches dating back to 2017”.
In this incident hackers demanded that TransUnion pay a $15 million ransom in bitcoin – about R220 million – to prevent the leaking of the sensitive information; however, TransUnion refused to do so.
The newly established Information Regulator (South Africa) says while it is still investigating the cyber attack on TransUnion, attacks on personal information have been on the rise.
“Unfortunately, instances of data breaches are on the increase. With our enforcement powers having come into effect in July 2021 we remind the responsible parties of their obligation to report security compromises to the regulator,” Mukelani Dimba, head of education and communication at the watchdog, tells Moneyweb in a statement.
“Failure to do so is a violation of the provisions of POPIA [Protection of Personal Information Act] and we will hold parties guilty of such a violation accountable for such non-compliance.”
Meanwhile, Dis-Chem says the affected third-party service provider has made use of additional safeguards to strengthen security and prevent further breaches.
However, Dis-Chem urges customers to remain cautious and recommends the following:
- Do not click on any suspicious links.
- Refrain from disclosing any passwords or PINs via email, text or social media platforms.
- Change your passwords often and ensure there is complexity in the configuration (i.e. with the use of special characters).
- Ensure regular anti-virus and malware scans are performed on any electronic devices and check software is up to date.
- Only provide personal information when there is a legitimate reason to do so.
The group adds that it has employed the assistance of specialists who will monitor the web and dark web to detect the publication of the data stolen by the hackers.