Hackers stole customer ID numbers and banking details from Cell C

Cell C has confirmed that its recent data breach compromised the data of some customers, employees, and partners, including ID numbers, contact details, and banking information.
The RansomHouse group has claimed responsibility for the attack. However, Cell C has told MyBroadband that no specific monetary ransom demand has been made yet.
“At this stage, our investigation has revealed that data pertaining to some customers, employees, and
partners has been compromised,” it said.
“From our findings so far, we understand that the data includes ID numbers, contact details, and banking details for some of the affected data subjects.”
However, Cell C noted that the compromised data is unstructured, meaning it doesn’t have a fixed format, making it difficult to organise and analyse.
The mobile operator is working with forensic experts to continue investigating the incident. It is also taking the following measures to address the situation and reinforce its systems:
- Identifying the attack vector through its investigation and implementing measures to remedy the vulnerability.
- Engaging with top forensic experts to determine which data has been compromised and identify the specific data associated with affected individuals.
- Notifying authorities such as the Information Regulator and regularly updating them.
- Educating customers on how to protect themselves from cyber threats.
- Reinforcing its monitoring systems.
- Continuously strengthening cybersecurity measures and improving Cell C’s IT environment.
The mobile operator said protecting its customer data remains its top priority.
Cell C disclosed that it was the victim of a cyberattack that compromised the data of a limited number of individuals on 8 January 2025.
It said it took immediate action to contain the incident and engaged cybersecurity experts for assistance.
“While we continue to assess the full scope of the incident, initial findings from our ongoing investigation suggest that data related to a limited number of individuals may have been accessed by an unauthorised party,” it said.
“We have notified the relevant authorities, and we will keep stakeholders informed as we work to resolve the situation.”
Cell C confirmed that the RansomHouse group had claimed responsibility for the attack a few days later.
RansomHouse’s dark web site shows that it breached the mobile operator’s systems in early November 2024 and stole 2TB of data.
An analysis of the files posted on the site suggested that the group had stolen highly sensitive information from Cell C.
The list of files contains what looks like customer call records, ID scans of a former executive, the front pages of non-disclosure agreements between Cell C and other companies, and the first pages of several customer contracts.
There are also screenshots of what appear to be Cell C financial data, including a balance sheet and statements of revenue and profit.
Orange Cyberdefense told MyBroadband that the RansomHouse group emerged in March 2022 and infiltrates organisations through phishing attacks, vulnerabilities, or leveraging poor cybersecurity practices.
The group states that it focuses on data theft rather than encrypting victims’ files. It demands payment for not leaking the stolen data.
This enables the group to avoid detection for longer, as its attacks don’t cause immediate operational interruptions.
In addition to Cell C, RansomHouse attacked another South African company, Shoprite, in June 2022.
Orange Cyberdefense said no other known RansomHouse victims are exposed in South Africa. However, it explained that the victimisation process can take several weeks or months.