The Data Protection Commission (DPC) of Ghana has responded to reports of a potential cybersecurity incident involving unauthorized access to the personal information of some MTN customers.
In a press release issued on April 25, 2025, the Commission confirmed that, “The Data Protection Commission has taken note of a potential cybersecurity incident, which resulted in unauthorised access to Personal Information of some MTN customers.”
Although MTN Group has indicated that the breach “did not impact its core network, billing systems, or financial services infrastructure”, the Commission emphasized that it is “actively monitoring the situation and engaging closely with MTN Ghana, National Communications Authority and Cybersecurity Authority” to address the incident.
DPC assured Ghanaians that if personal information is found to be compromised due to negligence, it “will not hesitate to invoke its enforcement powers under Act 843 to hold MTN Ghana and/or MTN Group accountable.”
Reiterating the importance of personal data protection, DPC stressed that “the privacy and protection of Personal Information is a fundamental right.”
It reminded all data controllers and processors that they “are expected to adhere strictly to the provisions of Act 843.”
The Commission also highlighted that Act 843 legally requires “all public and private institutions to register with the Commission,” which ensures accountability for handling personal information.
To protect themselves, Ghanaians are advised to “always check if an institution or service provider you engage is licensed.”
The DPC urged the public to “remain vigilant, adopt recommended digital safety practices, and report any suspicious activity to their service providers and the Commission.”
It assured that further updates will be provided “as the situation evolves and commits to maintaining transparency, accountability, and the protection of individual rights in the digital space.”
About Author
