Retail giant Pick n Pay has warned customers that personal information linked to an on-demand grocery app may have been compromised in a recently identified data breach, and customers can rest assured it has been replaced by a new one.
In a statement issued on Thursday evening (28 May) it said the breach related to an earlier version of its on-demand platform, previously known as Bottles and later as Pick n Pay asap!, which has since been replaced.
According to the retailer the affected records, which date back to 2022, were only recently discovered online. It said it was contacting all customers who registered on the older app in or before 2022, as their information “may have been affected.”
The compromised data set may include customers’ names, contact details, dates of birth, delivery addresses, encrypted passwords and linked Smart Shopper numbers. The name on payment cards, the card type, the last four digits and expiry dates were also included.
However, Pick n Pay stressed that full card numbers and CVV security codes were never stored on the system.
“This means the leaked data cannot be used to make fraudulent transactions on customer cards.”
The company added that its current Pick n Pay asap! and Smart Shopper platform operate on a completely separate system and were not affected by the incident.
Pick n Pay warned that although direct card fraud is unlikely criminals could use the exposed information in phishing scams or social-engineering attempts.
“In practice, this means you may be contacted by someone pretending to be from your bank or from Pick n Pay, using personal details to sound convincing, in an attempt to obtain money, passwords or one-time PINs,” the statement read.
Customers have been urged to remain cautious of suspicious calls, emails or messages that reference personal information. The retailer also advised users to change passwords on any other services where the same password may have been used.
ALSO READ: Sars dismissed security breach rumours as false
Pick n Pay said it has launched a full forensic investigation with an independent cybersecurity firm and is engaging with the Information Regulator and law-enforcement authorities.
The retailer further stated it was reviewing and strengthening the way it managed and retained historical customer data. A dedicated support channel has also been established for affected customers.
“We sincerely apologise for what has happened and understand the concern this may have caused,” said Enrico Ferigolli, Pick n Pay’s online executive head.
“Please be assured that we are treating this matter with the utmost seriousness and are actively implementing additional measures to optimise and strengthen our security protocols.”
ALSO READ: SPONSORED | Pick n Pay asap! just got better: 60-Min delivery magic
