Cell C has confirmed a data breach affecting some customers, employees, and partners, exposing ID numbers, contact details, and banking information.
The RansomHouse group has claimed responsibility, but Cell C stated that no ransom demand has been made yet.
The mobile operator disclosed that the breach occurred on 8 January 2025, compromising data related to a limited number of individuals. Investigations revealed that the stolen data is unstructured, making it difficult to analyze.
Cell C is working with forensic experts and taking measures to address the breach, including:
- Identifying the attack vector and fixing vulnerabilities.
- Notifying authorities such as the Information Regulator.
- Educating customers on cybersecurity measures.
- Strengthening monitoring systems and overall cybersecurity.
RansomHouse reportedly breached Cell C’s systems in November 2024, stealing 2TB of data, including customer call records, ID scans, non-disclosure agreements, and financial statements.
The cybercriminal group, known for data theft rather than encrypting files, infiltrates organizations through phishing, vulnerabilities, and weak cybersecurity practices. It previously targeted Shoprite in June 2022, but no other known South African victims have been reported.
Cell C reassured stakeholders that it is taking the necessary steps to resolve the incident and protect customer data.
Source: MyBroadBand
About Author
