Naivas Supermarket’s System Hacked, Data Stolen. Looks like Naivas Supermarket, the largest retail chain in Kenya at the moment was backed and important data belonging to partners, invoices, agreements, and customer data were splashed online.
The retail chain appeared on ALPHV/ Black a dark web leak, in what is likely to be one of the largest hacks targeting a retail chain in Kenya. Naivas Supermarket has not given a statement.
Wycliffe Musalia reports that Kenya’s Naivas supermarket chain in Kenya has been the victim of a ransomware incident, but the chain assures customers that certain customer data such as payment card data was never at risk because it is not stored on their system.
From the news report, it sounds like the company notified law enforcement, brought in CrowdStrike, and published a notice to consumers on Twitter on April 23.
Naivas Supermarket has a huge amount of data in Kenya given that they have phone numbers through their Naivas loyalty card and also customers use M-Pesa to pay for their purchases.
Other information that has been seen includes details of suppliers including their bank accounts, agreements, and bank details of Naivas Supermarket itself. The case of Naivas brings to the surface the danger of cybercrime in Kenya.
In 2022, Kenya is said to have lost 3.6 billion shillings to cybercriminals. Most of the affected were commercial banks and Saccos who lost billions of shillings after hackers accessed their bank accounts.
Cybercrime has been blamed for the vanishing of cash from customer bank accounts in institutions such as Equity Bank Kenya leading to a public outcry. During the year, there were numerous cases of people’s money being withdrawn from their accounts without their knowledge.
The problem with Kenyan firms such as banks, Saccos, and now supermarkets, is that they have failed to invest in measures that would prevent cyber criminals from accessing their records and accounts.
Ironically, Kenya has the office of Data Commissioner whose work is to ensure that Kenyans are protected and this includes ensuring that firms have put in place measures to protect data.
Read more at Tuko.ke.
The attack has been claimed by BlackCat, who have posted some proof of claims and a post about how data will be sold for money laundering and other criminal activities. Perhaps the only thing that is really noteworthy about the post is the claim that they acquired more than 1TB of data. At some point, Naivas may need to address how so much data could be exfiltrated without their awareness or detection system alerting them.
Make sure to check out our social media to keep track of the latest content.
Instagram - @nyongesasande
Twitter - @nyongesasande
Facebook - Nyongesa Sande
YouTube - @nyongesasande
Disclaimer: The information that Nyongesasande.com provides on this website is obtained from publicly available resources and is intended for information or educational purposes only. We aim to present the most accurate information possible. Through this website, you might link to other websites which are not under our control. We have no control over the nature, content and availability of those websites. Inclusion of any links does not necessarily imply a recommendation or endorsement of the views expressed within them. All content on this website is copyright to the website’s owner and all rights are reserved. We take no responsibility for, and will not be liable for, the website being temporarily unavailable due to technical issues beyond our control. Please refer to our terms and conditions and privacy policy before using this website.