Shoprite the latest victim of data leak crime wave
Millions of South Africans trust Shoprite, South Africa’s largest supermarket group, to bring them great deals on groceries and household items. Social media was abuzz in June when the retailer suffered a major data breach exposing personal details of its money transfer clients.
The cyberattack carried out by the hacking group RansomHouse is the latest in a wave of online crimes targeting South African corporates. Here’s how it happened and what it could mean for you if you use Shoprite to send money to friends and family.
Shoprite gets more than it bargained for from cybercriminals
A discount retailer may not sound like a prime target for criminals trying to steal sensitive information, but it wasn’t the shopping side of Shoprite’s business that fell prey to hackers.
- The company’s “know-your-customer” database (FICA) for its money transfer service, which is used by many people who don’t have traditional bank facilities, received a rude awakening when customer information fell into the hands of RansomHouse with the hacking group posting about its success on the Dark Web.
- Claiming full responsibility for the attack, RansomHouse hackers boasted that Shoprite’s weak data security policies resulted in sensitive information being stored by staff in plain text documents which were unprotected and unencrypted.
- Once obtained by the hackers, this information containing customers’ personal details was as easy to access as any word document on any computer.
The hackers threatened to auction the data on the dark web with bidding starting at 20 bitcoin (app R6.7 million). To prove that they had the files RansomHouse posted more than 350 files of customer data on it’s dark web website.
cybersecurity is no longer simply a “nice-to-have”
The Shoprite cybercrime incident shines a spotlight on the dangers of unprotected data and the absolute necessity for companies of all sizes to protect their information.
Shoprite has refused to communicate with the RansomHouse hackers to prevent further leaks but assured customers that they would launch a full investigation with forensic experts to ascertain the origin of the data leak, how and why it happened and the scope of the leak. The company also stated that additional security measures and detection strategies had been implemented across the group to prevent further loss of data.
There is little doubt that Shoprite has been left wondering if the entire event could have been avoided simply by using secure cloud storage and taking other simple data protection measures.
protect your data with secure cloud storage
When it comes to cybersecurity, sometimes it’s best to learn from the mistakes of others and avoid a damaging cyberattack. Reduce and mitigate the risk of a data leak by protecting your business information today with one of our secure cloud storage packages.