Retail giant Naivas Supermarket has acknowledged a ransomware attack by an online criminal organization known as Threat Actor.
In a statement on Sunday, Naivas Chief Commercial Officer Willy Kimani indicated that some of its data may have been compromised.
Mr Kimani explained that the attack had been contained and normal business had resumed.
“Naivas took immediate steps to prevent external access and engaged leading cybersecurity experts CrowdStrike to ensure system integrity,” Mr Kimani said.
“This process is complete and our systems are secure. We are cooperating with the relevant law enforcement agencies, as they investigate this and the many current ransomware attacks in Kenya.”
NAIVAS DATA THEFT NOTIFICATION pic.twitter.com/H1a1sRMP88
— #NaivasKikwetuFiesta (@naivas_kenya) April 23, 2023
In response to the security of consumer information, Naivas said that it does not save credit card or debit card data on its servers.
In addition, the retailer asserted that Secure Sockets Layer (SSL) encryption ensures the safety and security of payments made through their system.
“At this moment, we are not aware of any malicious use of stolen data. However, it is recommended in the face of this type of situation to pay particular attention to any phishing attempts (by phone, SMS or email) as well as to the sufficient security of passwords,” added the retailer.
“We take the protection of personal information very seriously. Please accept our deepest apologies for the worry and inconvenience that this criminal activity may cause.”
The supermarket giant also stated that it was keeping an eye on reports that the hackers may have leaked the data online, together with law enforcement agencies.
“We and law enforcement agencies are monitoring this closely. Naivas has also informed the office of the Data Protection Commissioner Kenya of this incident.”
Email your news TIPS to Editor@kahawatungu.com or WhatsApp +254707482874. You can also find us on Telegram through www.t.me/kahawatungu
