Africa’s Largest Supermarket Retailer Breached, Customer Names and ID Numbers Compromised

Shoprite Group, Africa’s largest supermarket retailer, suffered a data breach that ended up compromising customer names and ID numbers, the company confirmed this week.

Shoprite operates more than 2,900 stores across Africa and employs more than 149,000 people as the biggest private sector employer in South Africa. The company's headquarters are in Brackenfell in the Western Cape province of South Africa.

On Monday, the group said it “became aware of a suspected data compromise, impacting on a specific sub-set of data and which may affect some customers who engaged in money transfers to and within Eswatini and within Namibia and Zambia.”

The company is notifying those affected via SMS as forensic experts and data security professionals work to determine the origin, nature and scope of the incident.

“Additional security measures to protect against further data loss were implemented by amending authentication processes and fraud prevention and detection strategies to protect customer data,” the group said. “Access to affected areas of the network has also been locked down.”

According to the notice, compromised data include names and ID numbers, but no financial information or bank account numbers.

The company is not aware of any misuse or publication of customer data, but continues to monitor the web for leaks relating to the incident.

While there are no clues that cybercriminals are using customer data to conduct fraud, “there is a possibility that the impacted customer data may be used by the unauthorised party,” the group said.

As such, customers are advised to take precautions, including changing their Shoprite account password, and keeping an eye out for unsolicited requests for personal information.

“Should any unauthorised activity be detected, customers should immediately notify the Group or relevant authorities,” the company said.

Affected parties can contact the retail giant with questions or concerns at 0800 01 07 09 or via email at [email protected].

Bitdefender Identity Theft Protection offers continuous monitoring of your identity, privacy and credit status, and delivers instant alerts when your personal information is at risk. Users also get identity theft insurance for up to $2 million in damages.