Naivas Supermarket on Sunday announced some of its data had been compromised.
In a statement, Naivas said it has contained the attack, and systems are secure, adding that operations are normal.
“On becoming aware of the attack, Naivas took immediate steps to prevent external access and engaged leading cybersecurity experts CrowdStrike to ensure system integrity,” the statement read
“We have been the victims of a ransomware attack by an online criminal organisation.”
It added that the containment process is complete and the system is now secure, adding that it does not hold any credit card/debit card information in their systems.
“Such payment information is handled securely and protected through Secure Sockets Layer (SSL) encryption. At this moment, we are not aware of any malicious use of stolen data,” it said.
Naivas also said the organisation is cooperating with the relevant law enforcement agencies, as they investigate the matter and the many current ransomware attacks in Kenya.
“Naivas has been made aware that the Threat Actor has claimed to have stolen some of our data and is alleging that this may be published in due course. We and law enforcement agencies are monitoring this closely. Naivas has also informed the Office of the Data Protection Commissioner Kenya of this incident,” it said.
“We take the protection of personal information very seriously. Please accept our deepest apologies for the worry and inconvenience that this criminal activity may cause.”