South Africa’s fourth-largest mobile network provider, Cell C, has confirmed that a cyberattack carried out in 2023 resulted in a massive data breach. The hacker group RansomHouse, known for publishing stolen data instead of encrypting it, claims responsibility for exfiltrating over 2 terabytes of sensitive information. That data has since surfaced on the dark web.
Cell C, which serves over 7.7 million subscribers, said that the attackers accessed certain segments of its IT infrastructure. While the company has not revealed how many individuals are directly affected, it acknowledged that a wide range of personally identifiable information (PII) was compromised.
According to statements released by both Cell C and RansomHouse, the leaked data includes full names, contact details, ID numbers, banking information, passport data, driver’s license numbers, and medical records. This type of comprehensive data breach is particularly dangerous, as it opens the door to phishing attacks, financial fraud, and identity theft.
Cell C has urged its users to remain vigilant and monitor any unusual financial or communication activity. The company is currently working with international cybersecurity firms and forensic analysts, and it has informed relevant South African authorities. Cell C has also implemented new monitoring systems to track any further misuse of the leaked information.
In a letter to customers, CEO Jorge Mendes expressed regret, acknowledging the potential anxiety this may cause. He emphasized that the company is committed to transparency and ongoing updates as the investigation progresses.
RansomHouse, active since March 2022, operates differently from traditional ransomware groups. Instead of deploying encryption tools, the group steals and threatens to publish data unless victims meet extortion demands. In this case, Cell C has not disclosed whether a ransom was demanded or if negotiations occurred.
RansomHouse markets itself as a “force for good,” claiming its attacks expose weak security practices in major organizations. However, critics see the group as another iteration of digital extortion in an era where leak-based blackmail is increasingly common.
RansomHouse has previously claimed attacks against AMD, Shoprite Group, and the Saskatchewan Liquor and Gaming Authority, indicating a wide-ranging and global target list.
As more companies move critical infrastructure online, the Cell C breach stands as another high-profile reminder that data extortion tactics are evolving fast, and no region or sector is immune.
