Cyber Incident Victim: Dis-Chem Pharmacies

On 1 May 2022, Dis-Chem Pharmacies became aware that an unauthorized party had accessed a customer database managed by an unnamed third-party service provider contracted to develop and operate the system. The breach compromised approximately 3.7 million client records containing personal information required for the pharmacy group’s services. Dis-Chem initiated an immediate investigation upon discovery and collaborated with the third-party operator to implement preventive measures against further incidents. The company confirmed the incident stemmed from external access to the third-party database rather than direct infiltration of Dis-Chem’s internal systems. No evidence indicated prior system vulnerabilities or prolonged unauthorized access before detection on 1 May.

The exposed data included customers’ first and last names, email addresses, and cellphone numbers. Dis-Chem acknowledged the risk that attackers could exploit this information for criminal activities such as phishing campaigns or email scams but confirmed no verified instances of data misuse or public distribution had been identified. The third-party operator reinforced database security through enhanced access management protocols while investigations continued. Dis-Chem engaged external specialists to conduct ongoing web and dark web monitoring for potential leaks of the compromised information. The company maintained public transparency through official statements but did not disclose remediation support offered to affected customers. Operational continuity remained unaffected as the breach was contained to the third-party system.