JOHANNESBERG, June 2 – South African retailer Pick n Pay has confirmed a data breach involving customer information linked to an older version of its on-demand delivery platform, prompting renewed concerns about data security and the management of retired digital systems.
The affected platform was originally launched as Bottles before being rebranded as Pick n Pay Asap!. According to the company, the system has since been replaced, but customer records stored on the older platform were accessed during the incident.
Pick n Pay began notifying affected customers on May 30, stating that users who registered for the service on or before 2022 may have been impacted. The company said the exposed information includes customer names, contact details, delivery addresses and limited payment card information. However, it stressed that full card numbers and CVV security codes were not stored on the affected system.
While Pick n Pay said the leaked information cannot be used to carry out card transactions, cybersecurity experts noted that exposed personal data could still be used in phishing attempts and identity fraud schemes.
Industry specialists said the breach highlights the risks associated with older technology systems that may not have the same level of protection as newer platforms. Others argued that the incident also raises broader questions about how companies manage and retain customer data after services have been discontinued.
The breach has drawn the attention of South Africa’s Information Regulator, the body responsible for enforcing the Protection of Personal Information Act (POPIA). Authorities have encouraged affected consumers to report any concerns regarding the handling of their personal information.
Pick n Pay said it has notified the regulator and is working with cybersecurity experts to investigate the incident while reviewing its data management and retention practices as part of ongoing efforts to strengthen customer data security.
