Naivas Supermarket’s System Hacked, Data Stolen

Wycliffe Musalia reports that Kenya’s Naivas supermarket chain in Kenya has been the victim of a ransomware incident, but the chain assures customers that certain customer data such as payment card data was never at risk because it is not stored on their system.

From the news report, it sounds like the company notified law enforcement, brought in CrowdStrike, and published a notice to consumers on Twitter on April 23.

NAIVAS DATA THEFT NOTIFICATION pic.twitter.com/H1a1sRMP88

— #NaivasKikapuKibonge (@naivas_kenya) April 23, 2023

Read more at Tuko.ke.

The attack has been claimed by BlackCat, who have posted some proof of claims and a post about how data will be sold for money laundering and other criminal activities. Perhaps the only thing that is really noteworthy about the post is the claim that they acquired more than 1TB of data. At some point, Naivas may need to address how so much data could be exfiltrated without their awareness or detection system alerting them.

PowerSchool commits to strengthened breach measures following engagement with the Privacy Commissioner of Canada
Hungarian police arrest suspect in cyberattacks on independent media
Two more entities have folded after ransomware attacks
British institutions to be banned from paying ransoms to Russian hackers
Data breach feared after cyberattack on AMEOS hospitals in Germany
Microsoft Releases Urgent Patch for SharePoint RCE Flaw Exploited in Ongoing Cyber Attacks

Related: