Kenya-based supermarket chain Naivas has confirmed that it was a victim of a ransomware attack carried out by an online criminal organisation.

A statement from Naivas’ chief commercial officer Willy Kimani said that some of the company’s data had been compromised, but the containment process is complete and its system is now secure.

Naivas chief commercial officer Willy Kimani said: “Naivas regrets to announce that alongside many corporates and organisations in and outside Kenya, we have been the victims of a ransomware attack by an online criminal organisation (Threat Actor).

“Naivas has been made aware that the Threat Actor has claimed to have stolen some of our data and is alleging that this may be published in due course. We and law enforcement agencies are monitoring this closely. Naivas has also informed the Office of the Data Protection Commissioner Kenya of this incident.”

Meanwhile, Naivas reassures its customers that its systems do not hold any credit or debit card information.

The retailer also claimed to securely handle payment information and is protected through Secure Sockets Layer (SSL) encryption.

There is currently no evidence of any malicious use of stolen data, but Naivas has warned customers to be vigilant for any phishing attempts by phone, SMS, or email.

Kimani added: “We take the protection of personal information very seriously. Please accept our deepest apologies for the worry and inconvenience that this criminal activity may cause.”

The attack on Naivas’ data comes just a week after the Australian supermarket Coles confirmed that a cybercriminal group had stolen its historical customer credit card information.