The Shoprite Group said on Friday evening it had become aware of a suspected data compromise, including names and ID numbers, which may affect some customers who engaged in money transfers to and within Eswatini and within Namibia and Zambia.
“Affected customers will receive an SMS to the cell number supplied at the time of the transaction. An investigation was immediately launched with forensic experts and other data security professionals to establish the origin, nature, and scope of this incident,” the group said in a statement.
“Additional security measures to protect against further data loss were implemented by amending authentication processes and fraud prevention and detection strategies to protect customer data. Access to affected areas of the network has also been locked down. The data compromise included names and ID numbers, but no financial information or bank account numbers.”
The Group said it had notified the information regulator and the incident involved a “specific sub-set of data”.
“Investigations are on-going. The group is not aware of any misuse or publication of customer data that may have been acquired, however web monitoring relating to the incident continues.”
There was a possibility that impacted customer data could be used by the unauthorised party. Customers were advised to:
- Not disclose personal information such as passwords and PINs when asked to do so by anyone via telephone, SMS or email.
- Change passwords regularly and never share them with anyone else.
- Verify all requests for personal information and only provide it when there was a legitimate reason to do so.
“Should any unauthorised activity be detected, customers should immediately notify the group or relevant authorities. The group sincerely apologises to those affected.”