Wycliffe Musalia reports that Kenya’s Naivas supermarket chain in Kenya has been the victim of a ransomware incident, but the chain assures customers that certain customer data such as payment card data was never at risk because it is not stored on their system.
From the news report, it sounds like the company notified law enforcement, brought in CrowdStrike, and published a notice to consumers on Twitter on April 23.
NAIVAS DATA THEFT NOTIFICATION pic.twitter.com/H1a1sRMP88
— #NaivasKikapuKibonge (@naivas_kenya) April 23, 2023
Read more at Tuko.ke.
The attack has been claimed by BlackCat, who have posted some proof of claims and a post about how data will be sold for money laundering and other criminal activities. Perhaps the only thing that is really noteworthy about the post is the claim that they acquired more than 1TB of data. At some point, Naivas may need to address how so much data could be exfiltrated without their awareness or detection system alerting them.