Some Pick n Pay customers who used its old on-demand delivery service have been warned that their information, including card details and the delivery address they used, may have been affected in a data breach.

• For more financial news, visit News24 Business.

Some Pick n Pay customers who used its old on-demand delivery service have been warned that their information may have been affected by a recent data breach.

On Thursday evening, Pick n Pay sent an email notice to customers who had registered accounts on Bottles, its old on-demand delivery platform, which was replaced by asap! in 2022, informing them that a dataset containing important customer information had been identified online.

Pick n Pay said it was notifying all customers who had an account on the earlier service, on the basis that their information may have been affected.

The data included in the breach could have serious implications for affected customers.

Pick n Pay said it included the delivery address used with the service, customer names, contact details and birthdates, the name on the payment card linked to the account, the card type, the last four digits of the card number, and the expiry date on the card. Encrypted passwords and smart shopper numbers were also affected.

Importantly, however, Pick n Pay said that full payment card numbers and CVVs were not stored on the system.

“This means the leaked data cannot be used to make fraudulent transactions on customer cards,” the retailer said.

It added that the current asap! and Smart Shopper platform were separate from the Bottles system, and had not been affected by the incident.

Given the nature of the information in the dataset, Pick n Pay warned customers to be vigilant against possible attempts to con them.

“While direct card fraud is not possible from this data, the combination of personal information potentially included could be used by criminals for targeted phishing or social engineering.

“In practice, this means you may be contacted by someone pretending to be from your bank or from Pick n Pay, using personal details to sound convincing, in an attempt to obtain money, passwords, or one-time PINs.”

Pick n Pay recommended that customers change the password for any service that uses the same password as the one linked to their Bottles account, and warned that customers should treat any unsolicited contact that mentions their address with extra caution.

The retailer said it had launched an investigation into the matter with an independent cybersecurity firm and is engaging with authorities.

Pick n Pay apologised to customers for the incident.

“Please be assured that we are treating this matter with the utmost seriousness and are actively implementing additional measures to optimise and strengthen our security protocols.”

It said it had established a dedicated team that can be contacted with queries regarding the incident. It indicated that contact can be made through the following channels:

Email: [email protected]

Helpline: 086 099 6727, available Monday to Sunday, 8am to 8pm

Website: www.pnp.co.za/update