Retail supermarket franchise Naivas on Sunday, April 23, assured their clients that their data was not breached during an attack by international hackers.
In a statement seen by Chief Communications Officer Willy Kimani, the retailer confirmed that credit and debit card data was not part of the data accessed by hackers identifying themselves as Threat Actor.
"Naivas would like to confirm that we do not hold any credit card/debit card information on our systems, and that such payment information is handled securely and protected through Secure Sockets Layer (SSL) encryption," the statement read in part.
The supermarket chain disclosed that they quickly intervened to enforce their data security systems to avert a second attack.
"Naivas has contained this attack, and our systems are secure, and our operations are normal.
"We engaged leading cybersecurity experts CrowdStrike to ensure system integrity. This process is complete and our systems are secure," Kimani wrote.
In addition, the firm confirmed that they had filed a report with local enforcement agencies that launched investigations into the matter.
Naivas acknowledged threats by the hackers to leak the obtained data, adding that they partnered with the Office of the Data Protection Commissioner Kenya to monitor the same.
Nonetheless, it asked its clients to remain vigilant against data phishing attempts through phone calls, SMS, and e-mail.
In addition, clients were advised to secure their data by changing their passwords and access codes to their personal information available online.
Kimani apologised to the customers over the fear and worry that emerged over the alleged data breach. He maintained that the firm took the protection of personal information very seriously.
The retail franchise joined the Kenya Airports Authority (KAA) in the list of Kenyan firms listed by various international hacking groups as victims of a data breach.
