Clicks limits access to customers' personal data after cyber attack

Clicks has deployed a security patch to limit access to customers' personal data after a cyber attack.

The retail pharmacy company said the incident took place on May 31, resulting in a small number of clients' data being accessed.

“On becoming aware of the incident, we immediately invoked our standby cyber and IT protection protocols, deployed a security patch to limit further access to personal data and reported the incident to the information regulator,” Clicks said.

“The isolated incident related to about 0.05% of our pharmacy customers. The data accessed included customers’ names, ID numbers, contact details and selected dispensary details relating to transactions in May at a small number of Clicks pharmacies. 

“Where healthcare information was accessed, it mainly related to purchases of over-the-counter medication (such as Myprodol, Allergex and Corenza-C). Where customers’ personal information was accessed, in most cases it was incomplete (eg a name with no contact details or a cellphone number without a name). No customer passwords or banking information was accessed.”

Clicks said it was investigating the incident and was contacting affected customers to advise them of the incident and offer them appropriate advice and support.

“Clicks maintains high IT security standards which we continuously review and update to safeguard our customer information. We apologise for the inconvenience that this incident has caused and wish to assure our customers of our continued commitment to providing excellent customer service as their trusted partner in healthcare.”

What steps can I take to protect myself? 

The company suggests these steps to protect yourself from your information being misused:

• Be aware of emails and telephone calls from people requesting your personal details, especially your date of birth, residential address, email address, username or passwords, which are used to verify your identity.
• If you receive unwanted telemarketing calls, consider registering your number with the Direct Marketing Association of South Africa’s “Do Not Call register”.
• Though no financial data was compromised, if you are concerned you can alert your financial institution and, where applicable, medical aid so they can implement additional monitoring and security protocols on your account.
• Closely monitor your medical aid statements for unauthorised transactions. If you identify a transaction you did not make, report it immediately to your medical aid administrator.
• Contact South Africa’s reporting agencies (TransUnion and Experian) to confirm if your identity has been used to obtain credit without your knowledge.
• We have implemented additional safety measures, but please be cautious of individuals who might impersonate Clicks to obtain further information from you.
• If you are approached by someone claiming to be from Clicks and you feel uncomfortable providing the information requested, visit one of our stores to speak to a pharmacist.

Support independent journalism by subscribing to the Sunday Times. Just R20 for the first month.