In April this year, local retail chain Naivas reported a cyber attack on their systems. The supermarket claimed that the attack was a ransomware attack.
“…we have been the victims of a ransomware attack by an online criminal organisation (Threat Actor)…Naivas has contained this attack, and our systems are secure and our operations are normal” read a statement from Naivas Supermarket.
It now emerges that the cybersecurity breach resulted in the exposure of crucial customer data. According to the government the criminal group was able to transfer 611 GB of personal data.
Naivas attackers obtained information from their customer loyalty program. The data illegally transferred had names, phone numbers, and email addresses.
Needlessly to say, the breach leaves those whose data was accessed exposed to a wide range of cyber-attacks.
Naivas Faces a Fine.
According to set laws, a cyber-attack of this kind must be reported within 72 hours of discovery. However, Naivas failed to follow the set law and did not report. As a result, Data Commissioner Immaculate Kassait said the local supermarket chain may be fined up to KES 5 Million.
Being a country at the forefront of digitization, Kenya has always been at risk of cyber-attacks. In June, it was reported that Anonymous Sudan has over a number of days engaged in Distributed-Denial of Service (DDoS) attacks against Kenyan infrastructure. The group has claimed to have attacked various websites belonging to Government organizations as well as public companies leaving the sites temporarily inaccessible.
In addition, cyber-attacks targeting the country have risen in 2023, to a high of 444 million. This ranks Kenya among the top three most targeted countries in the region, alongside South Africa and Nigeria.