Late on April 24, 2025, MTN Group, Africa’s largest mobile operator, reported a cybersecurity incident that resulted in unauthorized access to the personal information of some customers in specific markets.
Key Details of the Breach:
- Nature of the Breach: An unknown third party gained unauthorized access to data linked to specific parts of MTN’s systems, exposing personal information of some customers. The exact nature of the data compromised was not detailed in public statements, but it did not involve customer accounts or wallets directly.
- Impact on Infrastructure: MTN confirmed that its core network, billing systems, and financial services infrastructure remained secure and fully operational, indicating the breach was limited to certain non-critical systems. There was no evidence of compromise to critical infrastructure.
Response Actions:
- MTN confirmed that it activated its cybersecurity response protocols immediately.
- The company notified the South African Police Service (SAPS) and the Hawks, as well as relevant authorities in the affected countries.
- MTN has stated that they are collaborating with law enforcement agencies to investigate the incident.
- The company has also emphasized that protecting customer information is a top priority and that they are managing the incident with utmost care.
Claim of Responsibility:
An unknown third party claimed responsibility for accessing the data, but no specific group or motive or identification of the group responsible has been made available at this stage.
Public Sentiment and Context:
Public posts on X highlighted public concern, referencing a prior incident in September 2024 where MTN customer information was accessed via a business process outsourcing (BPO) partner, leading to fraudulent debits from bank accounts. Customers expressed frustration over MTN’s lack of transparency and the regulator ICASA’s inaction in the earlier incident, suggesting ongoing trust issues.
No Direct Financial Impact Reported:
At the time of the announcement, there was no indication that customer accounts or financial wallets were directly compromised, distinguishing this breach from more severe incidents like ransomware attacks.
This incident follows other cybersecurity challenges for MTN, such as a critical vulnerability in its Nigeria self-service portal uncovered in March 2025, which could have exposed sensitive customer data but was not linked to this breach. Additionally, a 2023 cyberattack claimed by Anonymous Sudan disrupted MTN Nigeria’s website and services, indicating a history of targeting by threat actors.
MTN has not released further specifics about the affected markets, the number of customers impacted, or the exact data exposed as of the latest updates. The company’s proactive engagement with law enforcement and its assurance of secure core systems suggest efforts to contain and mitigate the breach’s impact.
