Naivas Supermarkets has moved to reassure customers that their data shared with the supermarket chain following a ransomware attack on the firm’s systems. In a statement, the supermarket said that it “regrets to announce that alongside many corporates and organisations in and outside Kenya,” it had been a victim of ransomware attack an online criminal organisation.”
“This unlawful intrusion may have compromised some of our data. Naivas has contained this attack, and our systems are secure and our operations are normal… On becoming aware of the attack, Naivas took immediate steps to prevent external access and engaged leading cybersecurity experts CrowdStrike to ensure system integrity. This process is complete and our systems are secure. We are cooperating with the relevant law enforcement agencies, as they investigate this and the many current ransomware attacks in Kenya,” Naivas said, adding, “Naivas has been made aware that the Threat Actor has claimed to have stolen some of our data and is alleging that this may be published in due course. We and law enforcement agencies are monitoring this closely. Naivas has also informed the Office of the Data Protection Commissioner Kenya of this incident.”
Naivas Supermarktets, which now has 80 outlets in the country, has also stated that it does not hold any credit card/debit card information on its systems, and that such payment information is handled securely and protected through Secure Sockets Layer (SSL) encryption.
“At this moment, we are not aware of any malicious use of stolen data. However, it is recommended in the face of this type of situation to pay particular attention to any phishing attempts – by phone, SMS or email – as well as to the sufficient security of passwords,” added Naivas. “We take the protection of personal information very seriously. Please accept our deepest apologies for the worry and inconvenience that this criminal activity may cause.”
For further guidance, Naivas Supermarkets issued the FAQs below to the public and its customers: