Africa's largest supermarket chain, Shoprite Holdings, suffered a ransomware attack (opens in a new tab) that may have put users' personal data at risk.

The company issued a statement informing customers in Eswatini, Namibia and Zambia of a possible compromise.

"Additional security measures have been implemented to protect against further data loss by modifying authentication processes and fraud detection and prevention strategies to protect customer data," the statement said. “Access (opens in a new tab) to the affected areas of the network has also been blocked. The data compromise included names and identification numbers, but not financial information or bank account numbers."

ransomware Shoprite

Shortly after issuing the warning, a threat actor known as RansomHouse claimed responsibility for the attack, the publication said. The group apparently released an evidence sample, 600GB in size, claiming to be data it stole from supermarket terminals.

Not only did they post a sample of evidence, but they also asked Telegram to explain how Shoprite employees' lack of cybersecurity practices was "outrageous." "Your staff kept large amounts of personal data secret, without any protection," the group apparently said. There was no mention of malware (opens in a new tab) or vulnerabilities that were abused in the attack.

The group also said that it invited the company to negotiate the return of the data and payment for the decryption key, but they only changed their passwords, "as if that solved everything."

If Shoprite decides not to pay the ransom demand, the data will likely be sold to third parties or publicly leaked, in case there is no data demand.

Shoprite is the largest supermarket chain on the African continent. It has almost 3000 stores in several countries, including South Africa, Nigeria, Ghana, Madagascar, Mozambique, Namibia, Democratic Republic of the Congo, and Angola, according to BleepingComputer. It has almost 150.000 employees and sales of €5,8 billion.

Via: BleepingComputer (Opens in a new tab)

Share This