Africa’s largest supermarket chain has fallen victim to a cyber extortion gang that is threatening to leak customer data online unless it pays up.

RansomHouse has claimed responsibility for an attack on Shoprite after the company disclosed last week that there was a “possible data compromise”affecting some money transfer clients.

Shoprite said “a specific sub-set of data” of some customers was potentially affected, specifically those who performed money transfers to and within Eswatini, and within Namibia and Zambia.

It has now emerged that the “specific sub-set of data” not only includes names and ID numbers but also photographs of people’s government-issued identity documents.

In its notice about the breach, Shoprite said affected customers would receive an SMS to the cell number supplied at the time of the transaction.

It also assured that it launched an investigation with forensic experts and other data security professionals to establish the incident’s origin, nature, and scope.

Shoprite said it implemented additional security measures to protect against further data loss by amending authentication processes, and fraud prevention and detection strategies to protect customer data.

It also locked down access to affected areas of its network.

However, according to RansomHouse, Shoprite had left customers’ data wholly unprotected.

RansomHouse is a new extortion market that first appeared on the dark web in May 2022, Bleeping Computer reports.

Despite its name, the group claims it does not produce or use any ransomware.

“It’s been quite some time since we encountered something THAT outrageous,” the group said about the Shoprite breach on messaging platform Telegram.

“Their staff was keeping enormous amounts of personal data in plain text [and] raw photos packed in archived files, completely unprotected,” said RansomHouse.

“We’ve contacted Shoprite management and invited them to negotiate, but the only thing they did is change their passwords like it solves everything,” they claimed.

“If their position doesn’t change, most of this data will be sold with something disclosed to the public.”

RansomHouse said that apart from know-your-customer data, they also obtained “lots of other interesting stuff” from the company.

“Yes, they like to keep a lot of things unprotected,” RansomHouse said.

As proof of their claims, RansomHouse posted 356 files to its website on the dark web containing customer identity data. Compressed, the files are just over 400MB.

The group claims it obtained about 600GB of data and that it breached Shoprite’s systems on 6 June 2022.

Editor@tech-talk.co.za