A threat actor claims to have breached the Pick n Pay Group, a prominent South African retailer, in July 2024. The group operates three major brands: Pick n Pay, Boxer, and TM Supermarkets. Recently, Pick n Pay launched a vehicle registration disc renewal service available at over 500 stores nationwide.
The alleged breach involves the data of 105,384 users, including:
- Personal identification numbers (id, pnp_id, id_number)
- Full names (first_name, last_name, name)
- Contact information (username, email, mobile_number)
- Financial details (bank_name, bank_branch, bank_code, bank_account_number, bank_account_type, wallet_balance)
- Additional personal and administrative data (role_id, status_id, org_id, batch, package_id, ip_address, country details, etc.)
The threat actor has provided a sample of the compromised data, which also includes sensitive information such as ID documents, BRN certificates, and location data (latitude, longitude).
