Naivas, one of the largest supermarket chains in Kenya, has fallen victim to a ransomware attack by an online criminal organization (threat actor), resulting in the potential compromise of some of their data. In a statement released by the company, Naivas expressed regret at the breach.
Yesterday, Naivas appeared on ALPHV/BlackCAT dark web leak site, while no real data was published, some samples of financial data, customers, and partners’ personal information were shared.
Group: alphv
Approx. Time: 2023-04-21 18:33:16.632004
Title: NAIVAS WAS HACKED. A LARGE AMOUNT OF CONFIDENTIAL DATA HAS BEEN STOLEN.— Ransomware News (@RansomwareNews) April 21, 2023
According to the statement, Naivas became aware of the attack and immediately prevented external access to their systems. They also engaged CrowdStrike, a leading cybersecurity firm, to ensure system integrity, and have confirmed that their systems are now secure. The company has stated that they are cooperating with law enforcement agencies as they investigate the attack and other recent ransomware incidents in Kenya.
While Naivas claims to have contained the attack, they have been made aware that the threat actor responsible for the attack has claimed to have stolen some of their data. The attacker has also indicated that they may publish the stolen data at a later time. The company and law enforcement agencies are currently monitoring the situation closely. Naivas has informed the Office of the Data Protection Commissioner Kenya of the incident.
Naivas has also confirmed that they do not hold any credit or debit card information on their systems. Such payment information is instead handled securely and protected through Secure Sockets Layer (SSL) encryption. Currently, the company has not identified any malicious use of stolen data.
In the statement, Naivas advises their customers to pay particular attention to any phishing attempts (via phone, SMS, or email) and ensure their passwords’ security. The company takes the protection of personal information very seriously and apologizes for any inconvenience caused by criminal activity.
Discover more from Techspace Africa
Subscribe to get the latest posts sent to your email.