Shoprite data breach in Namibia, Zambia and eSwatini
At the end of last week, mega-retailer Shoprite issued a statement warning customers to be on the alert for identity fraud after a hacking gang claimed to have broken into the Shoprite servers and steal some customer names and ID numbers but no financial information or bank account numbers.
Shoprite said they became aware of a suspected data compromise in a specific sub-set of data and which may affect some customers who engaged in money transfers to and within Eswatini and within Namibia and Zambia.
On Wednesday 15 June, the BleepingComputer website reported that a relatively new but known hacking gang, RansomHouse claimed responsibility for the attack.
“An investigation was immediately launched with forensic experts and other data security professionals to establish the origin, nature, and scope of this incident,” the retailer stated.
“Additional security measures to protect against further data loss were implemented by amending authentication processes and fraud prevention and detection strategies to protect customer data. Access to affected areas of the network has also been locked down.”
In the meantime, Shoprite’s network security has monitored web traffic related to the incident, saying they are not aware of any misuse or publication of customer data that may have been acquired.
As a precautionary, the retailer cautioned its customers in the three affected countries not to disclose any personal information when requested via telephone, SMS or email, adding that all requests for personal information must be verified and only complies with when the request comes from a legitimate source.
