South African telecom provider serving 7.7 million confirms data leak following cyberattack

South Africa’s fourth-largest mobile network operator, Cell C, has confirmed that its data was leaked on the dark web following a cyberattack last year.

The hacker group responsible for the attack, RansomHouse, claimed to have breached 2TB of the company’s data. Cell C stated that the hackers gained unauthorized access to certain parts of its IT systems.

While the exact number of individuals affected by the hack remains unclear, the company has acknowledged the compromise of sensitive customer information.

Cell C, which serves 7.7 million subscribers, did not disclose whether a ransom was demanded or if negotiations took place with the attackers. In a statement issued Wednesday, the company said that the data disclosed by RansomHouse included a range of personal and sensitive information.

Among the types of compromised data were full names, contact details, ID numbers, banking information, driver’s license numbers, medical records and passport details. The company is urging affected individuals to take precautions against phishing and potential identity theft now that the data has been published by the attackers.

Cell C said it is working with international cybersecurity and forensic experts, cooperating with relevant authorities and working closely with stakeholders to provide guidance and findings.

“We understand the seriousness of this development and deeply regret the distress or concern it may cause,” said Cell C CEO Jorge Mendes in a letter to customers. The company has also set up monitoring systems to track the potential misuse of the leaked data.

RansomHouse, a cybercrime group that emerged in March 2022, is known for its extortion tactics. Rather than encrypting data, the group threatens to release all exfiltrated information publicly. The group calls itself a “force for good” and claims to expose vulnerabilities in companies.

In previous incidents, RansomHouse has claimed responsibility for attacks on major organizations, including chip manufacturer Advanced Micro Devices (AMD), supermarket chain Shoprite Group and the Saskatchewan Liquor and Gaming Authority.


Daryna Antoniuk is a reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.

 
