The Information Regulator has issued pharmacy chain Dis-Chem Pharmacies with an enforcement notice for various contraventions of the Protection of Personal Information Act (Popia).
“Around April and May 2022, Dis-Chem’s third-party service provider, Grapevine, suffered a brute-force attack by an unauthorised party. Some 3.7 million data subjects’ records were accessed from Dis-Chem’s e-statement service database which was managed by Grapevine,” the regulator said in a statement on Friday.
“The affected records in this database were limited to names and surnames, e-mail addresses, and cellphone numbers of the data subjects,” it said.
