Cyber Incident Victim: Shoprite Holdings
Date: Jun 2022
Location: South Africa
Summary
Shoprite Holdings, Africa's largest supermarket chain, experienced a cyberattack involving unauthorized data access and potential compromise of customer information. The incident was claimed by the RansomHouse extortion group, which alleged theft of 600GB of data including names and ID numbers but excluding financial details. The retailer implemented enhanced security measures, modified authentication processes, and restricted network access to mitigate further exposure. While no operational disruptions or encryption events were reported, RansomHouse threatened to sell or publicly release the stolen data unless demands were met. Customers in specific regions were advised of potential risks stemming from the breach.
Description
On or around June 10, 2022, Shoprite Holdings, Africa’s largest supermarket chain operating 2,943 stores across twelve countries, experienced a cybersecurity incident involving unauthorized access to customer data. The company disclosed the breach on June 14, 2022, warning customers in Eswatini, Namibia, and Zambia that their personal information—specifically names and ID numbers—might have been compromised. Shoprite confirmed no financial information or bank account details were exposed. The retailer implemented immediate containment measures, including locking down affected network areas, amending authentication processes, and enhancing fraud prevention and detection strategies to prevent further data loss. These actions aimed to secure customer data without disrupting business operations, as the company reported no operational interruptions or encryption-related issues.

The ransomware group RansomHouse claimed responsibility for the attack on June 14, 2022, posting a 600GB sample of stolen data and criticizing Shoprite’s security practices via Telegram. RansomHouse, operational since December 2021, described itself as specializing in data theft and extortion rather than encryption, though it acknowledged occasional partnerships with ransomware groups like White Rabbit. The group threatened to sell or publicly release the stolen data if Shoprite refused to pay a ransom, escalating risks of misuse by unauthorized parties. Shoprite reiterated the seriousness of the data exposure in its public statement, advising affected customers to remain vigilant against unsolicited communications, change account passwords, and avoid sharing personal information via phone, SMS, or email. The incident highlighted vulnerabilities in the retailer’s network security while underscoring the operational focus on mitigating data misuse risks through procedural and technical countermeasures.
