MTN Group has confirmed that the cybersecurity breach disclosed last week led to a data leak affecting customers in several markets, including South Africa, and was followed by a demand from the attackers.
The company said the breach involved unauthorized access to limited personal information such as names, surnames, and mobile numbers. While MTN has not publicly confirmed the identity of the attackers or the nature of the demand, it has alerted South Africa’s Information Regulator, strongly indicating that local users were among those impacted.
“The investigation is still ongoing, but we can confirm that the threat actor has made a demand,” an MTN spokeswoman told TechCentral.
Scope and Impact of the MTN Cybersecurity Breach
What Data Was Exposed?
MTN emphasized that the breach did not affect core systems, including billing platforms or mobile wallets, and said only contact information appears to have been accessed.
However, experts warn that even this type of data could be leveraged for:
- Identity theft (e.g., applying for loans or credit using stolen names and numbers)
- Phishing attacks (e.g., impersonating banks or mobile services)
- Credential harvesting (via spoofed login pages or OTP requests)
Hendrik de Bruin, head of security consulting at Check Point, stated that partial data leaks like this can lead to “highly targeted phishing” that tricks users into revealing sensitive information.
Telecoms: A Growing Target in Cyber Warfare
The MTN cybersecurity breach follows a disturbing regional trend. In the past six months alone, telecom firms in South Africa have faced over 1,000 cyberattacks per week, according to Check Point Software Technologies.
Other Recent Telecom Cyberattacks:
- Cell C (South Africa): Hit by ransomware in January, attributed to RansomHouse
- Telecom Namibia: Breached in December 2024 by Hunters International, with 600GB of data stolen
- NTT Communications (Japan): Data breach affected 17,000 customer records in February
- Ascom (Switzerland): Lost 44GB of data in March
- Weaver Ant Campaign (Asia): Cyber-espionage campaign against telecom infrastructure in April
Internal Link: Read: MTN Group hit by ‘cybersecurity incident’
Africa’s Telecom Sector: A High-Value Target
According to the GSMA Mobile Economy Report for Sub-Saharan Africa 2024, there were 527 million mobile subscribers in 2023, projected to grow to 751 million by 2030. With such a vast user base, telecom operators like MTN hold critical user data, making them prime targets for attackers seeking to exploit weak security protocols or unpatched systems.
MTN’s Response and Customer Advisory
MTN is cooperating with law enforcement and cybersecurity investigators to assess the breach. The company has begun notifying affected customers in compliance with regulatory requirements and offered the following advice:
- Update your MTN, mobile money, and banking apps
- Use strong, unique passwords and change them regularly
- Avoid clicking links in suspicious SMS or emails
- Be cautious of unsolicited calls asking for credentials or OTPs
External Link: Huawei Challenges Nvidia as $500 Billion U.S. Expansion Unfolds
MTN Cybersecurity Breach a Wake-Up Call for Africa’s Telcos
The MTN cybersecurity breach is a stark reminder that telecom providers are increasingly in the crosshairs of sophisticated cybercriminals. While MTN claims the breach was limited in scope, the long-term reputational and regulatory impact may be significant.
As mobile phone use continues to surge across Africa, robust cybersecurity investments, user awareness, and cross-border law enforcement cooperation will be essential to defend the continent’s digital backbone
