An early version of Pick n Pay’s on-demand app was been breach, with customer information compromised.
Records from 2022 in the app previously known as Bottles and later as Pick n Pay asap! were leaked.
The data includes names, contact details and birth dates, delivery addresses, credit card information card type, the last four digits and the expiry date, the encrypted password, and Smart Shopper numbers if linked to the account.
The retailer assures customers that full payment card numbers and CVVs were never stored on the system, so the leaked data cannot be used to make fraudulent transactions on customer cards.
It adds that the current Pick n Pay asap! + Smart Shopper platform is a separate system and not affected by this incident.
Pick n Pay warns customers that the combination of personal information potentially included could be used by criminals for targeted phishing or social engineering.
“In practice, this means you may be contacted by someone pretending to be from your bank or from Pick n Pay, using personal details to sound convincing, in an attempt to obtain money, passwords, or one-time PINs.”
It urges affected customers to:
- Be cautious of unexpected calls, messages or emails referencing your personal details, especially where the caller knows information about them. Pick n Pay and your bank will never ask you to share your full card number, your PIN, or one-time passwords sent to your phone.
- Change their password on any other service that use the same password as on the old Bottles/asap! app.
- Treat any unsolicited contact that references their home address with extra caution, since delivery addresses are among the information that may be affected.
- If they suspect fraud on their bank account, contact their bank immediately.
The company adds that it is responding by conducting a full forensic investigation with an independent cybersecurity firm, engaging with the Information Regulator and with law enforcement, and reviewing and strengthening the way it manages and retains historical customer data.
It has provided a dedicated support channel for customers.