Naivas Supermarket Was Hacked, Important Data Splashed Online
Looks like Naivas Supermarket, the largest retail chain in Kenya at the moment was backed and important data belonging to…
Looks like Naivas Supermarket, the largest retail chain in Kenya at the moment was backed and important data belonging to partners, invoices, agreements, and customer data were splashed online.
The retail chain appeared on ALPHV/ Black a dark web leak, in what is likely to be one of the largest hacks targeting a retail chain in Kenya. Naivas Supermarket has not given a statement.
So far, sources indicate that no sensitive information belonging to customers has been released but the hackers are threatening to release them “shortly.” But scarier is the information that some of the data that might be released contain credit information of customers.
Naivas Supermarket has a huge amount of data in Kenya given that they have phone numbers through their Naivas loyalty card and also customers use M-Pesa to pay for their purchases.
Other information that has been seen includes details of suppliers including their bank accounts, agreements, and bank details of Naivas Supermarket itself. The case of Naivas brings to the surface the danger of cybercrime in Kenya.
In 2022, Kenya is said to have lost 3.6 billion shillings to cybercriminals. Most of the affected were commercial banks and Saccos who lost billions of shillings after hackers accessed their bank accounts.
Cybercrime has been blamed for the vanishing of cash from customer bank accounts in institutions such as Equity Bank Kenya leading to a public outcry. During the year, there were numerous cases of people’s money being withdrawn from their accounts without their knowledge.
The problem with Kenyan firms such as banks, Saccos, and now supermarkets, is that they have failed to invest in measures that would prevent cyber criminals from accessing their records and accounts.
Ironically, Kenya has the office of Data Commissioner whose work is to ensure that Kenyans are protected and this includes ensuring that firms have put in place measures to protect data.