‘Your debit card information wasn’t stolen,’ Naivas boss on cyber attack
Naivas Supermarket has now announced that it has fallen victim to a ransomware attack carried out by a suspected online criminal organisation.
In a statement signed by Willy Kimani, the supermarket’s chief commercial officer, it revealed that while the attackers may have compromised some data, they have already managed to contain it and their systems are secure, and operations are normal.
“Upon learning of the attack, Naivas immediately took steps to prevent external access and engaged leading cyber security experts CrowdStrike to ensure system integrity. This process has been completed and our systems are secure. We are cooperating with the relevant law enforcement agencies as they investigate this and the many ransomware attacks currently taking place in Kenya,” the statement read in part.
The retailer said those behind the attack had claimed to have stolen some of the data and threatened to publish the details.
Also read: EXPOSED: How fraudsters are minting money from Nairobi online shoppers
However, Naivas Supermarket said it had involved law enforcement agencies in the whole matter, who were monitoring the situation more closely.
Officials from the Office of the Data Protection Commissioner in Kenya are also looking into the matter.
“Naivas would like to confirm that we do not hold any credit card/debit card information on our systems and that such payment information is handled securely and protected by Secure Sockets Layer (SSL) encryption,” the statement added.
Mr Kimani said that at the moment they are not aware of any malicious use of the stolen data after conducting their own internal investigations.
“However, in this type of situation, it is recommended to pay special attention to any phishing attempts (by phone, SMS or email) as well as to the sufficient security of passwords,” he said.
The Chief Commercial Officer said that the supermarket takes the protection of personal information very seriously and apologised to customers.
Also read: Rachel Ruto disowns online scam using her name to defraud the public