SOUTH AFRICA – Shoprite, Africa’s largest retailer, is the latest victim of ransomware attack, which have been on the rise in the recent past.
RansomHouse, a ransomware gang, has claimed responsibility for the cyberattack on the supermarket chain owner.
The attack, which Shoprite confirmed a week ago, compromised customer data of clients who engaged in money transfers to and within Eswatini and within Namibia and Zambia.
Shoprite highlighted that the data breach “included names and ID numbers but no financial information or bank account numbers.”
According to reports by Techcrunch, the gang, which is said to be targeting companies with weak security, claimed to have obtained 600 gigabytes of data from Shoprite.
It said to have collected personal data that was “in plain text/raw photos packed in archived files, completely unprotected.”
The group also claimed to have contacted Shoprite’s management for negotiations and hinted that it will sell the data and make some of it public if the talks failed.
Shoprite is yet to make a public response to the hackers but the retailer has assured the public that investigations were ongoing and that it had notified the information regulator at its headquarters in South Africa (SA).
“An investigation was immediately launched with forensic experts and other data security professionals to establish the origin, nature and scope of this incident,” said Shoprite.
Further to that, it highlighted that additional security measures to protect against further data loss were implemented by amending authentication processes and fraud prevention and detection strategies to protect customer data.
“Access to affected areas of the network has also been locked down,” it said.
The group urged affected customers to take precautionary measures while saying that it had not noted any misuse or publication of the data.
“The Group (Shoprite) is not aware of any misuse or publication of customer data that may have been acquired, however, web monitoring relating to the incident continues … there is a possibility that the impacted customer data may be used by the unauthorized party,” it said.
To this end, the retailer urged the affected parties not to disclose personal information such as passwords and PINs when asked to do so by anyone via telephone, SMS or email.
To further ensure paramount security they were advised to change passwords regularly and never share them with anyone else.
“Verify all requests for personal information and only provide it when there is a legitimate reason to do so.
“Should any unauthorised activity be detected, customers should immediately notify the Group or relevant authorities” it stated.
Shoprite is Africa’s largest chain retailer with 2,933 stores as of February this year. Its brands include Shoprite, Usave, LiquorShop, Checkers, Checkers Hyper and House & Home.
A recent ransomware attack was undertaken on the world’s biggest meat processing company, JBS, forcing it to shut down several plants in the U.S. and Australia, which briefly rattled beef markets.
But the plants soon came back online, however the company had to part with US$11 million in ransom to the hackers.
While the JBS hack caught headlines, a closer review of recent cyberattacks on food system suggests that the incident is no anomaly.
In recent years, hackers have managed to breach the operations of numerous prominent food and beverage companies—including a major beer manufacturer (Molson Coors), a distillery (Campari), a fast-food chain (Wendy’s), and a snacking giant (Mondelez)—in some instances severely disrupting production and causing millions of dollars in damages.
The attacks have brought to the fore the importance of the food and agriculture sector and the need to protect its infrastructure from such attacks.