Details revealed about Cell C hack
Cell C has confirmed that the RansomHouse hacking group has claimed responsibility for breaching the mobile operator’s systems.
The company disclosed that it was the victim of a cyberattack on Wednesday, 8 January 2025, that exposed the data of a limited number of people.
RansomHouse’s site on the dark web claims that they had breached Cell C’s systems in early November 2024 and exfiltrated 2TB of data.
MyBroadband asked Cell C for details about the attack.
“Our investigation into this matter is still ongoing, and we are working diligently to gather all the facts,” it said.
“We can confirm that the threat actors involved in this incident have identified themselves as Ransomhouse.”
It added that it has no additional verified information regarding the attackers’ identities and that its forensic experts will continue investigating.
Cell C notified the public of the breach on 8 January. It said the cybersecurity incident impacts parts of its IT environment.
“Upon discovery, we took immediate action to contain the issue and engaged cybersecurity experts to assist with our investigation,” it said.
The mobile operator added that its top priority is to protect its systems’ integrity and the confidentiality of customer data.
It said initial findings from its investigation indicated that data accessed by the unauthorised party relates to a limited number of individuals.
“We have notified the relevant authorities, and we will keep stakeholders informed as we work to resolve the situation,” it added.
Cell C explained that cybercrime is increasingly prevalent globally and in South Africa. It says it continuously invests in cybersecurity measures to mitigate risks.
“We would like to encourage our customers to stay vigilant and take steps to protect their personal information,” Cell C added.
It shared a link to a guide on its website, which it says will help customers stay aware of cybersecurity risks.
“We remain committed to safeguarding stakeholder privacy and will provide updates as more information becomes available,” Cell C said.
According to a blog post by SentinelOne about the RansomHouse group, it targets enterprises and high-value targets through phishing attacks and only accepts ransom payments in Bitcoin.
RansomHouse also claimed responsibility for an attack on Africa’s largest supermarket chain — Shoprite — in June 2022. It threatened to leak compromised data online if the Checkers owner refused to pay up.
The company said “a specific sub-set of data” of some of its customers was potentially affected, particularly those who transferred money to and within Estwatini, and within Namibia and Zambia.
It later emerged that the “sub-set of data” included names, ID numbers, and photographs of people’s identity documents.
Shoprite said impacted customers would receive an SMS to the cell number supplied at the time of the transaction and assured that it had launched an investigation to gather more details about the incident.
RansomHouse claimed that Shoprite had left customers’ data wholly unprotected and claimed that it had compromised the supermarket chain’s whole know-your-customers (FICA) database for its money transfer service.
It appeared as though Shoprite refused to communicate with the hackers, and the group started auctioning the data on the dark web in late June 2022.
“With regards to Shoprite, we’ve made a decision to add more information about how their infrastructure was compromised,” RansomHouse said.
“We’ll also publish the whole filetree data, so everyone could get the idea of how massive the leak actually is.”
It added that Shoprite could quickly remedy the situation by contacting them and emphasised that it had not infected the company’s systems with ransomware during the attack.
Several months later, the Shoprite Group announced its investment in secure data collaboration platform Omnisient, which is described as Africa’s first “privacy-preserving data collaboration platform provider”.
“Thanks to their bank-grade encryption technology, customers’ data is anonymised and protected at all times. Personally-identifiable information is also never shared,” said Shoprite.