Logo
Icon

Announcements:

– Letter from Cell C CEO. Read more

– FAQ update. Click here

Open Letter from CEO, Jorge Mendes

Dear Valued Customers,

As we welcome the new year, I want to take a moment to extend our heartfelt wishes to you and your loved ones. Thank you for your continued support.

Recently, we communicated a cybersecurity incident impacting some parts of our IT environment. While this is a challenging moment for all of us, please rest assured that we are actively investigating the breach with the utmost urgency and transparency that it requires, alongside leading experts, using a range of tools to better understand the incident's impact.

Protecting your personal information remains our highest priority and we continue to further enhance our defenses and are committed to keeping you informed and supported.

In this update, I provide further details about what happened, our findings at this stage, the actions we’ve taken, and steps you can take to protect yourself.

Details of the incident

We were alerted to claims of a breach from threat actors, identifying themselves as Ransomhouse, alleging they have accessed data from our systems. Upon becoming aware of this threat, our robust security and monitoring measures were promptly reinforced, and we engaged with leading Forensic and Legal experts to contain and remediate the situation to minimise any further risks. 

Details on data impact

At this stage, our investigation has revealed that some of our customer data has been compromised. The data that has been accessed is unstructured (information that does not have a fixed format or structure, making it difficult to organise and analyse), and our interim analysis indicates that it includes ID numbers, contact details, and banking details. Please be assured that we have been working tirelessly and with the utmost diligence with our forensic experts to continue our investigation of the incident.

Actions taken to date

In response to the incident, we have taken significant and proactive measures, including:

  • Conducting a full security assessment to identify vulnerabilities.
  • Engaging with leading forensic and legal experts to further bolster our IT infrastructure and protocols.
  • Notifying relevant authorities, including the Information Regulator, and keeping them up to date.
  • Reaching out to all customer account holders and providing them with practical tips to protect themselves from cyber threats.
  • Implementing enhanced monitoring systems to detect any potential data exposure.
  • Continuously strengthening our cybersecurity measures and improving our IT environment to mitigate these risks.

Cybercrime is becoming increasingly prevalent both locally and globally. To assist you in safeguarding your information, we’ve also prepared practical tips on staying cybersmart, which you can access here.

We understand the responsibility we have to protect your personal information, and we sincerely apologise for any concern that this incident may have caused. Our team of experts continue to work with due care to gather additional details as part of the investigation.

We are committed to transparency and want you to be fully informed throughout this process. For more information, please refer to our FAQs here.

Should you have further concerns or questions, please contact,

  • Customer care team: 084 135
  • Media team: media@cellc.co.za, or visit our Information Hub for more updates. Thank you for your understanding, patience and ongoing support.

Yours sincerely,

Jorge Signature

Jorge Mendes

CEO, Cell C

Information for Customers

08 January 2025

Subject: Important Cybersecurity Update

Dear Valued Customer,

Compliments of the new season from all of us at Cell C. We wish you and your loved ones all the best for the year ahead. We would also like to take this opportunity to thank you sincerely for your continued support.

It is regrettable that we must inform you of a recent cybersecurity incident which we have reported to the Information Regulator. Upon discovery, immediate steps were taken to secure our systems, contain the incident, and conduct a thorough investigation to determine its scope and impact.

Initial findings from our ongoing investigation suggest that data related to a limited number of individuals may have been accessed by an unauthorised party.

Cybercrime is becoming increasingly prevalent both locally and globally, as seen in recent news headlines. Cell C remains committed to continuously strengthening our cybersecurity measures and improving our IT environment to mitigate these risks. Updates and developments will be shared with you as they become available.

We would like to encourage our customers to stay vigilant and take steps to protect their personal information. For tips on staying cybersmart, please click here.

We appreciate your patience and understanding as we continue our investigations.

Your ongoing support is greatly appreciated by us, and we remain dedicated to safeguarding your privacy.

Wishing you a safe and successful 2025.

Yours sincerely,

Themba Phiri
Cell C Information Officer

Previous updates

30 December 2024

Information for Partners

We have detected a cybersecurity incident impacting parts of our IT environment. Upon discovery, we took immediate action to contain the issue and engaged cybersecurity experts to assist with our investigation. 

Our top priority is to protect the integrity of our systems and the confidentiality of customer data. While we continue to assess the full scope of the incident, initial findings from our ongoing investigation suggest that data related to a limited number of individuals may have been accessed by an unauthorised party.

We have notified the relevant authorities, and we will keep stakeholders informed as we work to resolve the situation. 

Cybercrime is increasingly prevalent locally and globally, and we continuously invest in enhancing our cybersecurity measures to mitigate risk. We would like to encourage our customers to stay vigilant and take steps to protect their personal information. Customers can also access our website for tips on staying cybersmart here.

We remain committed to safeguarding stakeholder privacy and will provide updates as more information becomes available. 

Previous updates

30 December 2024

Information for Media

Monday, 30 December 2024

We have detected a cybersecurity incident impacting parts of our IT environment. Upon discovery, we took immediate action to contain the issue and engaged cybersecurity experts to assist with our investigation.

Our top priority is to protect the integrity of our systems and the confidentiality of customer data. While we continue to assess the full scope of the incident, we believe a limited number of customers' data may have been accessed. We are working to identify the affected information and encourage customers to update passwords and remain vigilant to potential fraud.

We have notified the relevant authorities and are fully cooperating with their investigation. We will keep stakeholders informed as we work to resolve the situation. Cybercrime is increasingly prevalent locally and globally, and we continuously invest in enhancing our cybersecurity measures to mitigate risk. We urge all customers to stay cautious and vigilant.

We remain committed to safeguarding stakeholder privacy and will provide updates as more information becomes available.

For inquiries, please contact:
media@cellc.co.za

How To Protect Yourself From Cybercrime. Learn more


Previous statements

30 December 2024

Cybersecurity Update – FAQs

Q: What happened?

A: We were alerted to claims of a breach from threat actors, identifying themselves as Ransomhouse, alleging they have accessed data from our systems. Upon becoming aware of this threat, our robust security and monitoring measures were promptly reinforced, and we engaged with leading Forensic and Legal experts to contain and remediate the situation to minimise any further risks.

Q: Who are the threat actors?

A: The threat actors have identified themselves as Ransomhouse.

Q: Has any customer data been compromised?

A: At this stage, our investigation has revealed that some of our customer data has been compromised.

Q: What specific data (types of data) was leaked in this incident?

A: Our investigation is still ongoing. At this stage, findings indicate that the threat actor had access to unstructured data stored on some of our servers. Our interim analysis indicates that it includes ID numbers, contact details, and banking details. We have been working as diligently and thoroughly as possible with our forensic experts to identify more precisely what other information has been accessed and specifically to whom the data is linked.

Q: What is unstructured data?

A: Unstructured data refers to information that does not have a fixed format or structure, making it difficult to organise and analyse. Unlike structured data, which is neatly arranged in tables, unstructured data includes a variety of formats, such as typical Microsoft Office documents, text documents, images, and videos.

Q: How did the incident occur?

A: The attack exploited a vulnerability to gain unauthorised access to a server within our corporate network. Immediate steps were taken to contain the issue.

Q: When did it happen?

A:   On the 28th of December 2024 it was established that some of our customer data had been compromised.

Q: What is the company doing to address this?

A: In response to the incident, we have taken significant and proactive measures, including:

  • Conducting a full security assessment to identify vulnerabilities.
  • Engaging with leading forensic and legal experts to further bolster our IT infrastructure and protocols.
  • Notifying relevant authorities, including the Information Regulator, and keeping them up to date.
  • Reaching out to all customer account holders and providing them with practical tips to protect themselves from cyber threats.
  • Implementing enhanced monitoring systems to detect any potential data exposure.
  • Continuously strengthening our cybersecurity measures and improving our IT environment to mitigate these risks.

Q: Should I be concerned about my personal information?

A: We understand your concern, and we want to assure you that protecting your personal information is our highest priority. While the investigation is ongoing, we have found that certain information, including ID numbers, contact details, and banking details, may have been accessed.

Q: What actions are you taking to prevent this in the future?

A: Cybercrime is increasingly prevalent locally and globally, and we continuously invest in enhancing our cybersecurity measures and our IT environment to mitigate these risks. We are taking comprehensive steps to further strengthen our security, including engaging top forensic experts to conduct a detailed analysis, enhancing monitoring, and conducting a full review of our IT systems. We remain committed to maintaining the highest standards of data security.

Q: Have the threat actors provided any proof of their claims?

A: The threat actors have provided screenshot evidence to support their claims, showcasing the type of data they claim to have extracted.

We are currently working with our forensic experts to gather more information regarding the threat actors' claims. As of now, no additional proof has been provided, but we are actively investigating.

Q: Should I contact the company if I have concerns?

A: Absolutely. If you have any concerns or questions, please reach out to our customer support team at 084 135. We are committed to transparency and addressing any concerns you may have.

Protecting yourself from Cybercrime

How To Protect Yourself Against Cybercrime

Protecting yourself against cybercrime is crucial in today's digital age. Here are some practical tips to help safeguard your personal information:

1. Use Strong Passwords

  • Create complex passwords with a combination of letters, numbers, and special characters
  • Avoid using the same password for multiple accounts
  • Change your passwords regularly

2. Keep Software Updated

  • Ensure your operating system, applications, and antivirus software are always up to date
  • Enable automatic updates to protect against known vulnerabilities

3. Enable Two-Factor Authentication (2FA)

  • Use 2FA whenever possible to add an extra layer of security to your accounts

4. Be Cautious with Emails

  • Avoid clicking on links or downloading attachments from unknown or suspicious emails
  • Be wary of phishing attempts that try to steal your personal information

5. Secure Your Wi-Fi Network

  • Use a strong password for your Wi-Fi network
  • Enable network encryption

6. Use a Full-Service Internet Security Suite

  • Consider using comprehensive security software that includes antivirus, firewall, and identity theft protection

7. Monitor Your Accounts

  • Regularly check your bank statements, credit reports, and online accounts for any unauthorized activity
  • Report any suspicious transactions immediately

8. Protect Your Mobile Devices

  • Install security apps and keep your devices updated
  • Avoid downloading apps from untrusted sources

9. Be Social Media Savvy

  • Adjust your privacy settings on social media platforms to limit the visibility of your personal information
  • Be mindful of the information you share online

10. Backup Your Data

  • Regularly back up important data to an external drive or cloud storage
  • Encrypt sensitive files to add an extra layer of protection

11. Educate Yourself and Others

  • Stay informed about the latest cyber threats and scams

Support

Should you have further concerns or questions, please contact:

  – Customer care team: 084 135.

  – Media team: media@cellc.co.za.

Thank you for your understanding, patience and ongoing support.

Privacy and Legal Compliance

Read more about our privacy and legal compliance here.