What hackers stole from Cell C

Files posted on the dark web site of the hacking group RansomHouse suggest that the attackers stole highly sensitive data from Cell C.
Cell C disclosed last week that it was the victim of a cyberattack that had exposed the data of a limited number of people.
It confirmed that RansomHouse claimed responsibility for breaching its systems — the same hacking group that stole data from Shoprite in 2022.
RansomHouse threatened to leak the compromised data online or sell it to a third party if the Checkers owner refused to pay up.
The group typically posts a handful of files on its website to prove its claims and increase the urgency of its extortion demands.
In the case of Shoprite’s data, RansomHouse claims it was sold.
As for the data stolen from Cell C, RansomHouse states it breached Cell C’s systems in early November 2024 and exfiltrated 2TB of data.
The list of files on its site includes what appears to be customer call records, scans of identity documents belonging to a former executive, and the front pages of non-disclosure agreements between Cell C and various companies.
The first pages of several customer contracts were also uploaded.
Among the files are also screenshots of spreadsheets that purportedly show Cell C’s financial data, including a balance sheet, and statements of revenue and profit.
Neither Cell C nor Shoprite have revealed how much RansomHouse tried to extort from them.
When asked for details, Cell C said it was still investigating the breach.
“Our investigation into this matter is still ongoing, and we are working diligently to gather all the facts,” it said.
Cell C said it has no additional verified information regarding the attackers’ identities and that its forensic experts will continue investigating.

The mobile operator notified the public of the breach on 8 January. It said the cybersecurity incident impacts parts of its IT environment.
“Upon discovery, we took immediate action to contain the issue and engaged cybersecurity experts to assist with our investigation,” said Cell C.
It added that its top priority is to protect its systems’ integrity and the confidentiality of customer data.
Cell C said initial findings from its investigation indicated that data accessed by the unauthorised party relates to a limited number of individuals.
“We have notified the relevant authorities, and we will keep stakeholders informed as we work to resolve the situation,” it added.
Cell C explained that cybercrime is increasingly prevalent globally and in South Africa. It says it continuously invests in cybersecurity measures to mitigate risks.
“We would like to encourage our customers to stay vigilant and take steps to protect their personal information,” it added.
Cell C shared a link to a guide on its website, which it said would help customers stay aware of cybersecurity risks.
“We remain committed to safeguarding stakeholder privacy and will provide updates as more information becomes available,” Cell C said.
According to security firm SentinelOne, RansomHouse targets enterprises and high-value targets through phishing and spear phishing attacks and accepts payments in Bitcoin.
“RansomHouse emerged in March of 2022 and is categorized as a multi-pronged extortion threat,” SentinelOne said.
“RansomHouse operations tend to be ‘smaller’ or more ‘controlled’ than some of the bigger players,” it added.
“They openly solicit new ‘team members’ on known underground marketplaces, as well as collaborating on the Telegram messaging service.”
SentinelOne said that by opting for exfiltration only and not locking victims out of their systems by encrypting data, RansomHouse attacks tend to be stealthier and can lead to them getting more time to steal data as fewer alarms are triggered.