Cell C hackers publish stolen data

Cell C has confirmed that data compromised through a cyber attack on its systems in late 2024 has been unlawfully disclosed by RansomHouse, the threat actor who claimed responsibility for the attack.

The mobile operator first disclosed the data breach on 8 January 2025, after RansomHouse claimed to have breached Cell C’s systems and stolen 2TB of data in November 2024.

RansomHouse claimed responsibility for the attack on the dark web, and an analysis of the files posted on the site suggested that it had stolen highly sensitive information from Cell C.

The list of files included customer call records, ID scans of a former executive, the front pages of non-disclosure agreements between Cell C and other companies, and the first pages of several customer contracts.

There were also screenshots of what appear to be Cell C financial data, including a balance sheet and statements of revenue and profit.

In a subsequent statement on 9 April, Cell C said it deeply regretted the group’s release of the data and the concern it may cause among its employees, customers, partners, and stakeholders.

“Since detecting the incident, Cell C has taken decisive steps to contain the threat, further secure its systems, and mitigate impact.”

The operator said that its measures included:

• Leveraging leading international cybersecurity and forensics expertise to support containment and response;
• Notifying and cooperating with South Africa’s Information Regulator and other relevant authorities; and,
• Communicating with affected stakeholders to provide findings and guidance.

“Cell C has engaged its experts to monitor potential misuse of the data and urges all stakeholders to remain vigilant against fraud, phishing, and identity theft,” the mobile operator said.

“Resources for fraud prevention, including South African Fraud Prevention (SAFPS) registration and cybersecurity best practices, have been included in all communications and are available on our website.”

A few days after disclosing the data breach, Cell C confirmed that RansomHouse was responsible for the attack.

RansomHouse’s modus operandi is to target high-value organisations through phishing attacks, and it only accepts ransom payments in Bitcoin.

The mobile operator revealed the data breach had exposed the ID numbers, contact details, and banking information of some of its customers, employees and partners.

It also told MyBroadband that the hacking group had not made any specific monetary ransom demands.

Cell C added that the compromised data had no fixed format, making it difficult to organise and analyse.

Protection tips for victims

The mobile operator has also set up an information hub where stakeholders can view tips on protecting themselves against cybercrime and get support to protect against fraudulent activities.

It also features frequently asked questions about the recent cybersecurity incident.

“We understand the anxiety this may cause and encourage stakeholders to apply for Protective Registration with the SAFPS — a free service that alerts credit providers to take extra care when verifying your identity, helping to protect against potentially fraudulent activity,” said Cell C.

Stakeholders can apply for Protective Registration (PR) online, via email, or through the SAFPS call-back system.

When applying via email, applicants must download the PR application form and email it to [email protected], with the necessary supporting documents.

To apply via the call-back system, applicants can submit their details through the SAFPS website, and an agent will call back to begin the process.

Once stakeholders have applied, the SAFPS will issue them a PR reference number and a Victim of Impersonation letter within 48 hours.

“This letter will help future credit providers verify your identity and protect against fraud,” Cell C said.