The breach reflects broader systemic vulnerabilities in Africa's digital infrastructure. As mobile and internet penetration grow across the continent, robust cybersecurity measures will be critical to protecting both economic growth and individual rights.

South African mobile operator Cell C has revealed that data compromised in a recent cybersecurity breach had been unlawfully published by hacker group RansomHouse. The disclosure follows a previously reported incident involving unauthorized access to unstructured data within parts of Cell C’s IT systems.

“We deeply regret this development and the concern it may cause,” the company said in a statement dated April 9.

The company said it had launched an online information hub to help customers protect against cybercrime and fraud. The portal provides guidance on identity theft, protective registration with the South African Fraud Prevention Services (SAFPS), and other security measures.

Cell C also informed that it had taken steps to contain the breach, including engaging international cybersecurity experts, notifying relevant authorities, and contacting affected stakeholders.

Cell C has urged all stakeholders to remain vigilant and reiterated that it will never request passwords, PINs or one-time passwords from customers. The company said it remains committed to transparency and is continuing to monitor the situation in coordination with cybersecurity specialists and regulators.

South Africa ranked among the top three most-targeted African countries for cyberattacks in 2023, according to a Kaspersky report, with a sharp rise in ransomware incidents targeting critical infrastructure and financial services. In just one week in February 2023, Kaspersky reportedly detected more than 300 ransomware attempts in South Africa a clear indication of the growing frequency and intensity of cyberattacks in the country.

The financial toll of cyberattacks is also escalating. Reflecting the growing severity of these breaches, the IBM Cost of a Data Breach Report 2024 found that the average cost of a data breach in South Africa reached ZAR 53.86 million (~USD 2.78 million) against a global average of USD 4.88 million. This highlights the escalating risks and economic toll of cybercrime in the region.

The incident reinforces growing concerns around the cyber resilience of telecom companies, which hold vast amounts of sensitive customer data and are frequent targets of sophisticated threat actors. It also highlights the urgency for stronger cyber risk mitigation strategies across South Africa’s digital economy.

Hikmatu Bilali