3 Steps Supermarket Took To Stop Hackers Threatening Millions Of Kenyans
In a statement, the retailer revealed that the unlawful breach of its systems by the hackers may have compromised some of its data
admin
A local supermarket on Sunday, April 23 confirmed that it was attacked through its network by notorious hackers under the online criminal organisation, Threat Actor.
In a statement, the retailer revealed that the unlawful breach of its systems by the hackers may have compromised some of its data which put millions of Kenyans who are its customers at risk of having their privacy exposed.
The supermarket managed to contain the attack and restore its operations after securing its systems. It also broke down steps so that it avoids being hit by similar attacks in what was viewed to be the largest hacks targeting a major retail chain.
A hacker working on his computers. /AVAST
"On becoming aware of the attack, we took immediate steps to prevent external access and engaged leading cybersecurity experts CrowdStrike to ensure system integrity. This process is complete and our systems are secure.
"We are cooperating with the relevant law enforcement agencies, as they investigate this and the many current ransomware attacks in Kenya," the supermarket explained in a statement.
It was further made aware that Threat Actor claimed to have stolen some of its data and allegedly published it in due course, a matter the retailer, as well as law enforcement agencies, are monitoring closely as it also informed the Office of the Data Protection Commissioner Kenya.
The supermarket further allayed Kenyans' fears of the hack at risk of endangering their personal information on the internet, including their credit and debit card information used while paying for goods purchased from the supermarket, even though it urged Kenyans to be wary of any suspicious information that may reach them online.
"We would like to confirm that we do not hold any credit card/debit card information on our systems and that such payment information is handled securely and protected through Secure Sockets Layer (SSL) encryption.
"At this moment, we are not aware of any malicious use of stolen data. However, it is recommended in the face of this type of situation to pay particular attention to any phishing attempts (by phone, SMS or email) as well as to the sufficient security of passwords," added the retailer, which issued its apology to Kenyans for the inconvenience the act may have caused, assuring them of utmost protection of personal information.
The retail chain appeared on ALPHV/ Black a dark web leak, with details of important data belonging to partners, invoices, agreements, and customer data splashed online.
In 2022, Kenya is said to have lost Ksh3.6 billion to cybercriminals, with the hardest hit being commercial banks and Saccos which had their accounts cleaned out by hackers who managed to gain access.
Cybercrime has also been blamed for the vanishing of cash from customer bank accounts, with one such case affecting a local bank which sparked an uproar after customers reported their money being withdrawn from their accounts without their knowledge.
The firms have been blamed for failing to invest in measures to prevent cyber criminals from accessing their records and accounts.
According to CrowdStrike, a threat actor, also known as a malicious actor, is any person or organization that intentionally causes harm in the digital sphere and exploits weaknesses in computers, networks and systems to carry out disruptive attacks on individuals or organizations.
The supermarket joined the likes of institutions such as the Kenya Airports Authority (KAA) which was reportedly breached by a suspected member of the notorious cyberterrorist group dubbed Medusa who claimed to have stolen some of KAA's files that were leaked online.
