Cell C confirms customer data published by hackers following late-2024 cyberattack

South African telecommunications provider Cell C has officially confirmed that sensitive customer data compromised in a cybersecurity breach at the end of 2024 has been unlawfully disclosed on the dark web by the hacking group RansomHouse.

The mobile operator first revealed the incident publicly on January 8, 2025, stating at the time that a limited number of individuals might have been affected. However, a more detailed internal investigation has since revealed that the breach was “more extensive than initially assessed,” according to a company statement released Wednesday.

Cell C disclosed that the unauthorized access involved unstructured data in certain segments of its IT environment. The company’s ongoing probe has now confirmed that personal information — including full names, contact details, ID numbers, banking details (if stored for billing), driver’s license numbers, medical records (where applicable), and passport details — was accessed and subsequently published online by the threat actor.

“We deeply regret this development and the concern it may cause among our employees, customers, partners, and stakeholders at large,” Cell C said.

Despite the breadth of the breach, Cell C has stated there is no evidence, as yet, of large-scale exploitation of the compromised data. The company further confirmed that no customer passwords, banking PINs, or full authentication data had been identified among the information exposed.

RansomHouse, a known extortion group, has claimed responsibility for the breach. The company has not publicly disclosed whether a ransom demand was made or met.

Following the detection of the incident, Cell C said it took swift action to secure its systems, engaging international cybersecurity and digital forensics experts to contain the breach and prevent further unauthorized access. Authorities, including South Africa’s Information Regulator, have been notified and are working in coordination with Cell C on the matter.

As part of its response, the telecom provider has launched a dedicated "Information Hub" on its website. This platform offers guidance on how customers can safeguard themselves from cyber threats, including fraud, phishing, and identity theft. The site also provides a detailed FAQ section related to the breach.