After suffering a data breach for over two months, Cell C confirms that the stolen data has been disclosed publicly by RansomHouse, the threat actor responsible for the breach.
The leaked data contains full names, ID numbers, contact details, and banking information of some customers, employees, and partners of the company.
It comes as a heartbreak for Cell C as they’ve taken decisive actions to mitigate the threat from the onset. “Since detecting the incident, Cell C has taken decisive steps to contain the threat, further secure its systems, and mitigate impact,” the company said.
Cell C partnered with international cybersecurity and forensics experts, South Africa’s Information Regulator, and other relevant authorities after the attack came to light.
Nonetheless, the mobile operator is proactively observing potential misuse of the leaked data and has urged all stakeholders to remain vigilant against fraud, phishing, and identity theft.
Protective Measures for Victims
While monitoring the misuse of the leaked data, the company has provided resources for fraud prevention and cybersecurity best practices on its website and through all communication channels.
Also, Cell C is encouraging stakeholders to apply for Protective Registration (PR) — a free service that alerts credit providers to take extra care when verifying your identity, helping to protect against potentially fraudulent activity.
It can be applied online via email or through the South African Fraud Prevention (SAFPS) call-back system.
Individuals who will apply via email must download the PR application form and email it to protection@safps.org.za.
Others who will use the call-back system should submit their details through the SAFPS website, and an agent will call back to begin the process.
Overview of the Attack
In November 2024, RansomHouse reportedly breached Cell C’s systems, stealing 2TB of data that included customer call records, ID scans, non-disclosure agreements, and financial statements.
Cell C however confirmed the attack in January that’s when the mobile operator began taking crucial actions.
Although the data has been leaked, RansomHouse, according to the company, did not make any specific monetary ransom demands.
About Author
