Naivas confirms it was hit by ransomware attack

Naivas said in a statement signed by Willy Kimani, Chief Commercial Officer, that the attack had been contained and that operations had resumed normally.

"Naivas took immediate steps to prevent external access and engaged leading cybersecurity experts CrowdStrike to ensure system integrity" Kimani said in the media statement. 

"This process is complete and our systems are secure. We are cooperating with the relevant law enforcement agencies, as they investigate this and the many current ransomware attacks in Kenya," 

Concerning the security of customer data, Naivas stated that, while hackers have threatened to leak the data online in the future, the Supermarket does not store credit card or debit card information on its systems.

At the same time, Naivas stated that payments on its system are safe and secure, handled securely, and protected by Secure Sockets Layer (SSL) encryption.

"At this moment, we are not aware of any malicious use of stolen data. However, it is recommended in the face of this type of situation to pay particular attention to any phishing attempts (by phone, SMS or email) as well as to the sucient security of passwords," the statement added. 

"We take the protection of personal information very seriously. Please accept our deepest apologies for the worry and inconvenience that this criminal activity may cause," 

Meanwhile, the supermarket chain says it is monitoring, along with law enforcement agencies, claims that the hackers may leak the data online.

"We and law enforcement agencies are monitoring this closely. Naivas has also informed the office of the Data Protection Commissioner Kenya of this incident," Mr. Kimani added.