Pick n Pay Confirms Data Breach Affecting Former *asap!* App Users South African retail giant Pick n Pay has acknowledged a data breach exposing personal information of users from its former on-demand app, Pick n Pay asap! (previously known as Bottles). The incident, disclosed in an email to customers on Thursday, involves records dating back to 2022, which were recently discovered online. Compromised Data The leaked dataset includes: - Names, contact details, and dates of birth - Delivery addresses linked to the service - Partial payment card details (cardholder names, card types, last four digits, and expiry dates) - Encrypted passwords - Smart Shopper numbers (where linked) Notably, full card numbers and CVV codes were not stored and remain unexposed, preventing direct fraudulent transactions. However, Pick n Pay warns that the combination of leaked details could enable phishing or social engineering attacks, with criminals potentially impersonating banks or the retailer to extract sensitive information. Impact and Response The breach affects users registered on the app before 2022. The current Pick n Pay asap! and Smart Shopper platforms operate on separate systems and are unaffected. Pick n Pay has launched a forensic investigation with an independent cybersecurity firm, engaged the Information Regulator and law enforcement, and is reviewing data retention practices. A dedicated support channel has been established for affected customers, including a helpline (086 099 6727) and email ([email protected]). The retailer has apologized for the incident and pledged to strengthen security protocols. Customers are advised to monitor communications for suspicious activity and avoid sharing sensitive details like PINs or one-time passwords. The Information Regulator can also be contacted directly for further assistance.