Pharmacy retailer Dis-Chem has launched an investigation into a data hack at one of its third-party service providers that resulted in an "unauthorised person" accessing the personal details of customers.
In a notice on Wednesday, Dis-Chem said its investigation so far showed that the hacker gained access to first names, surnames, email addresses and cellphone numbers belonging to more than 3.6 million people.
The retailer said it was informed about the breach - which took place in April - at the beginning of this month. It has since taken steps to establishing the scope of the breach and restore the "integrity" of its operating system
"Please note there is currently no indication that any personal information has been published or misused as a result of the incident. However, we cannot guarantee that this position will remain the same in future," Dis-Chem cautioned.
The retailer added that it was continuing to monitor for any publication of the personal information accessed in the breach.
"While investigations into the incident are still ongoing, the operator has confirmed it has deployed additional safeguards in order to ensure protection and security of information on the database," Dis-Chem said.
Dis-Chem also asked those possibly affected by the breach to be vigilant by:
- Not clicking on suspicious links;
- Not sharing passwords or PINs;
- Changing passwords often;
- Having regular anti-virus and malware scans on their devices; and
- Providing personal information only when there is a legitimate reason.