As a result of a hacker attack on the online system of the Super-Pharm chain of drugstores and pharmacies, customer data was leaked. The incident occurred on October 21, when cybercriminals exploited a vulnerability in the e-commerce software - Magento operated by an external supplier, Adobe Commerce. Super-Pharm informed customers about the leak by sending an email on October 25 with an apology and assurance of the steps taken to secure the system.

The leak concerns data such as first name, last name, e-mail address, delivery address, telephone number and details of customer orders. The company noted that so far there is no evidence that unauthorized persons downloaded this data, and the incident does not include login information to the mobile application and the Super-Pharm Club.

In response to the incident, the company immediately blocked access to the system, removed the security hole, implemented additional security measures and reported the matter to the President of the UODO, CERT Polska and the police. Super-Pharm also commissioned experts to monitor the situation to see if any further data leaks by hackers occurred.

Customers were warned that their data could be used for phishing (both email and text messages), spoofing, spam or other fraudulent activities. The store noted that the data leak could lead to image damage and the risk of disclosing private information related to orders.

Source: cyberdefence24.pl