South African telecom provider serving 7.7 million confirms data leak following cyberattack

South Africa’s fourth-largest mobile network operator, Cell C, has confirmed that its data was leaked on the dark web following a cyberattack last year.

The hacker group responsible for the attack, RansomHouse, claimed to have breached 2TB of the company’s data. Cell C stated that the hackers gained unauthorized access to certain parts of its IT systems.

While the exact number of individuals affected by the hack remains unclear, the company has acknowledged the compromise of sensitive customer information

Cell C, which serves 7.7 million subscribers, did not disclose whether a ransom was demanded or if negotiations took place with the attackers. In a statement issued Wednesday, the company said that the data disclosed by RansomHouse included a range of personal and sensitive information.

Among the types of compromised data were full names, contact details, ID numbers, banking information, driver’s license numbers, medical records and passport details. The company is urging affected individuals to take precautions against phishing and potential identity theft now that the data has been published by the attackers.

Cell C said it is working with international cybersecurity and forensic experts, cooperating with relevant authorities and working closely with stakeholders to provide guidance and findings.

“We understand the seriousness of this development and deeply regret the distress or concern it may cause,” said Cell C CEO Jorge Mendes in a letter to customers. The company has also set up monitoring systems to track the potential misuse of the leaked data.

RansomHouse, a cybercrime group that emerged in March 2022, is known for its extortion tactics. Rather than encrypting data, the group threatens to release all exfiltrated information publicly. The group calls itself as a “force for good” and claims to expose vulnerabilities in companies

In previous incidents, RansomHouse has claimed responsibility for attacks on major organizations, including chip manufacturer Advanced Micro Devices (AMD), supermarket chain Shoprite Group and the Saskatchewan Liquor and Gaming Authority.