DATA BREACH LINKED TO PICK N PAY SUPPLIER
A company that retailer Pick n Pay used as a supplier has suffered a data breach.
Claim Expert is a company used by Pick n Pay to give its customers the chance to renew their licence discs inside a Pick n Pay branch.
The data breach has exposed the personal information of over 100,000 customers.
A ransomware gang called Bashe posted on the dark web that it plans to dump a database with 105,383 lines belonging to Pick n Pay.
Bashe gave Pick n Pay until the morning of 14 January to pay the required ransom fee.
Pick n Pay refused to pay and Bashe ended up releasing the data. It was then that Pick n Pay discovered that the database belonged to Claim Expert and not them.
Claim Expert said the incident happened on 18 July 2024 when “a file containing personal information was mistakenly exposed online”.
“Out of caution, we believe some of the data on the file may have been accessed. We are notifying you now so you know about the actions that we are taking and can take proactive measures to protect your information.”
Pick n Pay released a statement saying that it has “in no way experienced any data breach or ransomware attack”.
“Our platforms remain fully operational. We take data security very seriously. Our IT team reviewed these claims and found they relate to a former service provider’s data breach dating back to July 2024.”
Pick n Pay also added that it had stopped working with Claim Expert “more than a year before that”.
Image credit: EasyDMARC