RansomHouse, a ransomware gang, has claimed responsibility for the cyberattack on Shoprite, Africa’s largest retailer.
The attack, which Shoprite confirmed a week ago, compromised customer data in Eswatini, Namibia and Zambia, the company said.
Shoprite said the data breach “included names and ID numbers, but no financial information or bank account numbers.”
In messages posted on RansomHouse’s Telegram channel, the gang, which is said to be targeting companies with weak security, claimed to have obtained 600 gigabytes of data from Shoprite.
It said to have collected personal data that was “in plain text/raw photos packed in archived files, completely unprotected.”
The group also claimed to have contacted Shoprite’s management for negotiations, and hinted that it will sell the data and make some of it public if the talks failed.
In the statement, Shoprite said investigations were ongoing and that it had notified the information regulator at its headquarters in South Africa (SA).
“An investigation was immediately launched with forensic experts and other data security professionals to establish the origin, nature, and scope of this incident,” said Shoprite.
“Additional security measures to protect against further data loss were implemented by amending authentication processes and fraud prevention and detection strategies to protect customer data. Access to affected areas of the network has also been locked down,” it said.
The group urged affected customers to take precautionary measures while saying that it had not noted any misuse or publication of the data.
“The Group (Shoprite) is not aware of any misuse or publication of customer data that may have been acquired, however, web monitoring relating to the incident continues…. there is a possibility that the impacted customer data may be used by the unauthorized party,” it said.
Shoprite is Africa’s largest chain retailer with 2,933 stores as of February this year.