Hackers leak Spinneys’ customer data in UAE

Retailer assures no personal banking information was compromised
Hackers leak Spinneys’ customer data in UAE

Supermarket chain Spinneys has announced that a ransomware group has leaked data from its internal server in the UAE.

The hack is said to have happened on July 16, 2022.

In a statement, Spinneys said that the retail chain is aware of unverified emails being sent out from unidentifiable email addresses and that a clop ransomware group may have leaked data hacked from its internal server.

“We continue to work closely with the E-Crime Department at Dubai Police to actively investigate the matter, and keep our customers up to date,” the company said.

The hackers accessed an internal server that contained customer data including names, email addresses, mobile numbers, delivery addresses, and previous order details.

“We can confirm that no personal banking information was compromised, as we do not store banking details on our servers.”

Spinneys urged its customers to remain vigilant against cyber criminals and deal only with people they trust.

Ransomware is malware that is designed to deny users or organizations access to their online data and files stored on computers or servers. All data is encrypted, and criminals demand payment for the decryption key.

The main goal of Clop ransomware is to encrypt all files in an enterprise and demand a payment to receive a decryptor to re-access the affected files, according to a blog post by computer security software company McAfee.

Clop ransomware emerged in 2019, when it became a prevalent threat to organizations and businesses, according to cloud cyber security service company Mimecast. Clop ransomware also threatens to leak confidential information if no ransom is paid, it said.

To date, it is estimated that Clop ransomware has extorted more than $500 million from organizations, including multinational energy companies and at least two prominent US universities, according to Mimecast.

The Clop ransomware gang became the seventh-most active in the world with 107 victims uploaded on DLS between the first quarter of 2021 and the first quarter of 2022, according to the Ransomware Uncovered 2021/2022 report.

“In June 2021, six Clop ransomware affiliates involved in cash-out services were arrested in Kyiv, Ukraine.”

More than 80 percent of UAE organizations said they have the staff required to effectively manage a ransomware cyber attack, matching the global average, a June survey by Boston-based security company Cybereason found.