What happened in the Cell C data breach?

Cell C, a South African mobile operator, experienced a cybersecurity incident in January 2025 that resulted in unauthorized access to customer data. The RansomHouse cybercrime group has claimed responsibility for the attack, which resulted in the theft of approximately 2TB of data.

What types of data were exposed in the breach?

The exposed data reportedly includes system credentials for internal services, access credentials for external portals, FTTH (Fiber-to-the-Home) customer operations data, customer billing records, and personal information from fiber network operations.

What is the current status of the incident?

Cell C has confirmed RansomHouse's involvement in the attack and continues its forensic investigation to determine the full scope and impact of the incident. The exact number of affected individuals and specific types of customer data compromised has not been disclosed.

Incident

South African mobile operator Cell C hit by ransomware attack

Q: How did the attack occur?

RansomHouse claims the attack involved multiple stages, including phishing campaigns throughout 2023 leading to credential theft and system infiltration. However, Cell C states they have no evidence supporting these initial compromise vectors.

published: Jan. 10, 2025

Learn More

A cybersecurity incident has affected Cell C, a South African mobile operator, resulting in unauthorized access to customer data. The company disclosed a breach affecting parts of its IT environment in January 2025.

The RansomHouse cybercrime has claimed responsibility for the attack. The attack supposedly involved multiple stages, though some findings are disputed by Cell C. The claimed attack chain included sophisticated phishing campaigns throughout 2023, leading to credential theft and system infiltration. However, Cell C states they have no evidence supporting these initial compromise vectors.

Tbreach resulted in theft of approximately 2TB of data. The exposed data reportedly includes:

System credentials for internal services
Access credentials for external portals
FTTH (Fiber-to-the-Home) customer operations data
Customer billing records
Personal information from fiber network operations

The compromise affected critical systems associated with FTTH ordering and provisioning, potentially impacting services connected to multiple fiber network operators including MetroFibre, Openserve, and Vumatel.

The exact number of affected individuals and specific types of customer data compromised is not disclosed.

Current Status Cell C has confirmed RansomHouse's involvement. The company continues its forensic investigation to determine the full scope and impact of the incident.

Update - as of 9th of April 2025, Cell C confirmed that ransomware group RansomHouse has published data stolen during the security breach. Cell C has established an information hub to provide stakeholders with cybersecurity protection guidance.

Cell C, South Africa's has confirmed that sensitive customer data was leaked on the dark web following the cyberattack. According to Cell C's statement issued Wednesday, the compromised data includes:

Full names
Contact details
ID numbers
Banking information
Driver's license numbers
Medical records
Passport details

The number of affected individuals is not disclosed.

South African mobile operator Cell C hit by ransomware attack

Read More
Ransomware attack on dutch medical lab exposes cancer …
Mission Community Hospital reports ransomware attack, data breach
Louisiana Special School District hit by Akira ranosmware …
Semyonishna dairy processing plant hit by ransomware
St. Landry Parish school impacted by ransomware