Shoprite Group said on Friday evening that it has become aware of a suspected data breach, including names and ID numbers, that may have affected some customers making money transfers to and within Eswatini, as well as within Namibia and Zambia .
“Affected customers will receive an SMS to the mobile phone number specified during the transaction. An investigation was immediately launched with forensic experts and other data security professionals to determine the origin, nature and scope of this incident,” the group said in a statement.
“Additional security measures to protect against further data losses have been implemented by changing authentication processes and fraud prevention and detection strategies to protect customer data. Access to affected areas of the network has also been blocked. The data breach included names and ID numbers, but no financial information or bank account numbers.”
The group said it had notified the information regulator and the incident involved a “specific subset of data”.
“Investigations are ongoing. The group is not aware of any misuse or disclosure of customer data that may have been acquired, however web monitoring in relation to the incident continues.”
There was a possibility that affected customer data could be used by an unauthorized party. Customers were advised to:
- Do not give out personal information such as passwords and PINs if someone asks them to do so via phone, text message or email.
- Change passwords regularly and never share it with others.
- Review all requests for personal information and only provide them when there is a legitimate reason for doing so.
“ Should any unauthorized activity be discovered, customers should immediately notify the group or the relevant authorities. The group sincerely apologizes to those affected.”
Support independent journalism by subscribing to The Sunday Times. Only 20 R for the first month.