Cell C data leaked after cyberattack

Cell C announced today that data compromised in a recent cybersecurity incident has been unlawfully disclosed by RansomHouse, the threat actor claiming responsibility for the hack.

This comes after an incident in January this year, when Cell C disclosed that it was the victim of a cyberattack that exposed the data of a limited number of people.

“We have detected a cybersecurity incident impacting parts of our IT environment,” Cell C said at the time.

“Upon discovery, we took immediate action to contain the issue and engaged cybersecurity experts to assist with our investigation.”

This cyberattack involved unauthorised access to unstructured data in some parts of Cell C’s IT environment.

Around two days after news of the attack broke, Cell C revealed that RansomHouse had claimed responsibility for the attack.

MyBroadband reported that RansomHouse emerged in March 2022 as a group that infiltrates companies through phishing attacks, exploiting vulnerabilities, or leveraging poor cybersecurity practices.

“RansomHouse exfiltrates sensitive data from breached systems and demands payment for not leaking it,” the publication explained. 

“Rather than encrypting systems, this approach allows RansomHouse group members to avoid detection for longer, as there is no immediate operational disruption.”

“The group has significantly impacted South Africa in recent years, attacking Checkers owner Shoprite in June 2022 and Cell C in November 2024.”

In a press statement released on Wednesday, 9 April 2025, Cell C said that RansomHouse unlawfully disclosed the data compromised in the January cybersecurity incident.

“We deeply regret this development and the concern it may cause among our employees, customers, partners, and stakeholders at large,” the company said.

The company also announced that it had set up an Information Hub as part of its commitment to safeguarding the interests of our stakeholders and ensuring full transparency.

With this hub, stakeholders can access tips on protecting themselves against cybercrime, support and actions to protect against fraudulent activity, and frequently asked questions on cyber incidents.

Since detecting the incident, Cell C said it has taken decisive steps to contain the threat, further secure its systems, and mitigate the impact. 

These include:

• Engaging leading international cybersecurity and forensic experts to support containment and response
• Notifying and cooperating with the Information Regulator and relevant authorities
• Communicating with affected stakeholders to provide findings and guidance

“Cell C has engaged its experts to monitor potential misuse of the data and urges all stakeholders to remain vigilant against fraud, phishing, and identity theft,” the company said.

“Resources for fraud prevention – including SAFPS registration and cybersecurity best practices – have been included in all communications and are available on our website.”

“Cell C is committed to supporting affected stakeholders throughout this process.”

The mobile operator also encourages stakeholders to apply for Protective Registration with the South African Fraud Prevention Services (SAFPS).

This is a free service that alerts credit providers to take extra care when verifying your identity, helping to protect against potentially fraudulent activity. 

“We continue to work closely with relevant authorities and security specialists to monitor for any further developments and to reinforce the integrity of our systems,” the company said.

“Cell C remains committed to transparency, accountability, and protecting the interests of the people and partners we serve.”