Dear valued Flash App user

RE: NOTIFICATION IN TERMS OF SECTION 22 OF THE PROTECTION OF PERSONAL INFORMATION ACT, 2013 (“POPIA”)

1 Introduction

  • Flash Mobile Vending (Pty) Ltd, a wholly owned subsidiary of Pepkor (Pty) Ltd, (“Flash”) takes data protection extremely seriously and is committed to protecting the personal information of data subjects. This letter serves to notify you, in terms of section 22 of POPIA, of a possible security compromise, and to provide you with information in relation to steps taken to date by Flash to contain and rectify any possible negative consequences arising from the security compromise.

2 Background to the Incident

  • 2.1 A compromise has taken place, and personal information limited to contact details inclusive of e-mail address, ID numbers, secret words, account numbers and physical address details have been exposed. Please take note that no banking or financial data has been compromised (“the Incident”). We take this matter very seriously, and the incident has been contained.
  • 2.2 At present, we do not know the source or the identity of the unauthorised person that accessed the personal information.

3 Possible Consequences of the Incident

  • Your personal information may have been compromised due to this Incident and this could potentially lead to further downstream consequences if left unintended (i.e. identity theft/fraud and social engineering/phishing attempts). We strongly urge you to take the following steps to safeguard your privacy:
  • 3.1 Monitor your transactional activity and report any suspicious activity.
    • 3.2 Change your passwords often and ensure there is complexity in the configuration (e.g. with the use of special characters).
    • 3.3 Be vigilant for phishing attempts: Be cautious of unsolicited emails, messages, or phone calls asking for personal information or financial details. Legitimate organisations will not request this information via unsecure channels.
    • 3.4 Stay updated: Follow official announcements from Flash and regulatory authorities for further instructions and guidance.
    • 3.5 Do not click on any suspicious links.
    • 3.6 Only provide personal information when there is a legitimate reason to do so.

4 Remediation measures implemented by Flash

  • 4.1 As soon as we became aware of a possible POPIA incident, we embarked on mitigating theIncident as follows:
    • 4.1.1 Investigated the extent of the Incident.
    • 4.1.2 Ensured that the Incident has been contained.
    • 4.1.3 Will communicate in line with our regulatory requirements.

5 The entire extent of the Incident is still being investigated and our dedicated team has been working on identifying affected data subjects and providing prompt communication. We will also cooperate with regulatory authorities and implement enhanced security measures to mitigate such incidents in the future.

6 Flash is continuing to use our best endeavours to protect personal information that it processes. We assure you that your privacy and the privacy of our employees and other data subjects are taken very seriously, and we will ensure that appropriate steps are being taken, and will continue to be taken, in order to protect personal information.

Yours faithfully,

Nadine Rix
Deputy Information Officer
Flash Mobile Vending (Pty) Ltd