Naivas Supermarket has responded to an alleged data breach by hackers.
In a statement, the chain store admitted that they were part of organisations that suffered a ransomware attack by an online criminal organisation dubbed Threat Actor.
"Naivas regrets to announce that alongside many corporates and organisations in and outside
Kenya, we have been the victims of a ransomware attack by an online criminal organisation
(Threat Actor). This unlawful intrusion may have compromised some of our data. Naivas has
contained this attack, and our systems are secure and our operations are normal," Naivas Chief Commercial Officer Willy Kimani said.
According to Kimani, the chain store has already secured its systems from further infiltrations, although he was nan-commital on allegations that customer data had been stolen.
"On becoming aware of the attack, Naivas took immediate steps to prevent external access and engaged leading cybersecurity experts CrowdStrike to ensure system integrity. This process is complete and our systems are secure. We are cooperating with the relevant law enforcement agencies, as they investigate this and the many current ransomware attacks in Kenya," Kimani said.
"Naivas has been made aware that the Threat Actor has claimed to have stolen some of our data and is alleging that this may be published in due course. We and law enforcement agencies are monitoring this closely. Naivas has also informed the Office of the Data Protection Commissioner Kenya of this incident."
Naivas does not hold credit card information
Kimani says that the chain store does not hold any credit card/debit card information in their systems.
"Naivas would like to confirm that we do not hold any credit card/debit card information on our systems, and that such payment information is handled securely and protected through Secure Sockets Layer (SSL) encryption," he said.
The retailer has advised its customers to be on the lookout for any phishing attempts by phone, short messages or email and update their security information such as passwords.
"At this moment, we are not aware of any malicious use of stolen data. However, it is recommended in the face of this type of situation to pay particular attention to any phishing attempts (by phone, SMS or email) as well as to the sufficient security of passwords," Kimani.
