In a worrisome turn of events, retail behemoth Naivas has become the latest victim of a cyber attack, resulting in a massive data breach that has exposed customers’ confidential information. The unidentified hackers behind the ransomware attack have yet to reveal their motives, leaving the supermarket chain and its clients on edge.
This incident, which has seen an unprecedented level of customer data exposure in Kenya, compromised servers and systems at the retail giant. Private information, such as invoices, agreements, and customer data, has now become vulnerable to potential misuse by unknown entities.
Naivas’ Chief Commercial Officer, Willy Kimani, confirmed that the company’s data had been compromised in the attack. In a letter, Kimani stated, “This unlawful intrusion may have compromised some of our data. Naivas has contained this attack, and our systems are secure, and our operations are normal.” He also emphasized that the company is actively cooperating with the relevant law enforcement agencies investigating the recent wave of ransomware attacks in Kenya.
Although Naivas has assured clients and partners that its systems have been secured and the attack contained, the company clarified that it does not store any credit or debit card information in its systems. Payment information is securely handled and protected via Secure Sockets Layer (SSL) encryption. “At this moment, we are not aware of any malicious use of stolen data,” the company said.
In light of the breach, Naivas has urged customers to be vigilant against potential phishing attempts through phone calls, text messages, or emails, and to update their security information such as passwords. “At this moment, we are not aware of any malicious use of stolen data. However, it is recommended in the face of this type of situation to pay particular attention to any phishing attempts (by phone, SMS or email),” the company added.
The retail giant has identified Threat Actor as the alleged orchestrator of the cyber attack and anticipates that the group will publish the stolen data. Naivas has reported the incident to the Office of the Data Protection Commissioner of Kenya, who is now closely monitoring the situation.