Gugu Lourie reports:
On the 31st of August 2023, the Information Regulator took action by issuing an Enforcement Notice against Dis-Chem, due to their non-compliance with several provisions of the Protection of Personal Information Act (POPIA).
In the timeline of events, it was revealed that during the months of April and May in 2022, a brute force attack was launched against Grapevine, a third-party service provider engaged by Dis-Chem. A brute force attack involves repeated attempts to guess a password until the correct combination is discovered. It wasn’t until the 1st of May 2022 that Dis-Chem became aware of this security breach when certain employees received SMS notifications.
Read more at TechFinancials.