Pierluigi Paganini April 14, 2025

Cell C, one of the biggest telecom providers in South Africa confirms a data breach following a 2024 cyberattack.

Cell C is the fourth-largest mobile network operator in South Africa, ,after Vodacom, MTN, and Telkom. The company founded in 2001 offers prepaid and postpaid mobile plans, data bundles and internet services, fiber broadband, roaming and international calling, SIM-only plans and device deals.

Cell C has confirmed a data breach following a RansomHouse cyberattack that occurred last year. The ransomware group has since leaked the stolen data on its dark web leak site. The gang claimed the theft of 2 TB of data. Compromised data includes full names, contact details, ID numbers, banking information, driver’s license numbers, medical records and passport details.

Cell C stated that threat actors gained unauthorized access to some of its IT systems.

“Cell C is aware that data compromised in the recent cybersecurity incident has been unlawfully disclosed by RansomHouse, the threat actor claiming responsibility.” states the company. “This follows a previously reported incident involving unauthorised access to unstructured data in some parts of our IT environment.”

Cell C has taken swift action to contain a recent cyberattack, secure its systems, and limit the impact. The company engaged top cybersecurity and forensic experts, informed authorities, and is actively supporting affected stakeholders.

They continue to monitor for potential data misuse and urge vigilance against fraud, phishing, and identity theft. Cell C has also shared fraud prevention resources, including guidance on registering with SAFPS for extra protection.

RansomHouse is a data extortion group that has been active since Dec 2021. Unlike other extortion group, the gang doesn’t encrypt data, but focuses on data theft to speed up its activity. Victims include AMD and Keralty. They shame non-payers by leaking data. Backups are insufficient; IPS is recommended for protection.

American hospitals are a privileged target for threat actors due to the huge trove of sensitive data they manage.

Ransomware attacks on U.S. healthcare providers surged in 2024, with 98 attacks compromising 117 million records. Hospitals often face system lockdowns, forcing a switch to manual processes. High-profile breaches include Change Healthcare (100M records), Summit Pathology (1.8M), OnePoint Patient Care (796K), and Boston Children’s Health Physicians (909K).

In 2023, Loretto Hospital experienced another data security incident. On January 19, 2023, a former employee misappropriated security camera footage of a limited number of patients and posted it on Facebook. The footage was removed after the incident was discovered. Loretto identified the impacted individuals and notified them by mail on March 15, 2023, offering guidance on protecting their information. The exposed information consisted of security camera footage of a small number of patients.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Cell C)