RansomHouse, a ransomware gang, has claimed responsibility for the cyberattack on Shoprite, Africa’s largest retailer.
The attack, which Shoprite confirmed a week ago, compromised customer data in Eswatini, Namibia and Zambia, the company said. Shoprite said the data breach “included names and ID numbers, but no financial information or bank account numbers.”
In messages posted on RansomHouse’s Telegram channel and seen by TechCrunch, the gang, which is said to be targeting companies with weak security, claimed to have obtained 600 gigabytes of data from Shoprite. It said to have collected personal data that was “in plain text/raw photos packed in archived files, completely unprotected.”
The group also claimed to have contacted Shoprite’s management for negotiations, and also hinting that they will sell the data and make some of it public if the talks failed.
TechCrunch reached out to Shoprite to confirm if RansomHouse had made contact with them, and to get more details including the number of customers affected by the attack, but the retailer declined to comment while referring us to this statement they posted following the incident.
In the statement, the retailer said investigations were ongoing and that it had notified the information regulator at its headquarters in South Africa (SA).
“An investigation was immediately launched with forensic experts and other data security professionals to establish the origin, nature, and scope of this incident,” said Shoprite.
“Additional security measures to protect against further data loss were implemented by amending authentication processes and fraud prevention and detection strategies to protect customer data. Access to affected areas of the network has also been locked down,” it said.
The group urged affected customers to take precautionary measures while saying that it had not noted any misuse or publication of the data.
“The Group (Shoprite) is not aware of any misuse or publication of customer data that may have been acquired, however, web monitoring relating to the incident continues…. there is a possibility that the impacted customer data may be used by the unauthorized party,” it said.
Shoprite is Africa’s largest chain retailer with 2,933 stores as of February this year. Its brands include Shoprite, Usave, LiquorShop, Checkers, Checkers Hyper and House & Home. The retailer has a strong financial performance with its operating profit rising last year by 19% (in the financial year ended July 4) to 9.7 billion rand ($681 million).