The Pan-African telco is the latest in a growing list of telcos being targeted by malicious actors
MTN Group announced it has experienced a cybersecurity incident that resulted in “unauthorised access to personal information of some MTN customers in certain markets”. In a short note published overnight, the operator said that an unknown third party has claimed to have accessed data linked to parts of its systems. At this stage, MTN said, it did not have any information to suggest that customers’ accounts and wallets have been directly compromised.
The group immediately activated its cybersecurity response processes including informing the South African Police Service and the Hawks in South Africa. MTN was keen to stress that there was no evidence of compromise to any of its critical infrastructure, core MTN platforms or services. “Our core network, billing systems and financial services infrastructure remain secure and fully operational,” stated the operator.
The operator is the latest in an increasingly long list of telcos to have been attacked. Earlier this week, South Korea’s SK Telecom detected signs that some USIM-related customer information may have been leaked due to a malicious code attack. The operator sprang into immediate action and offered customers its free SIM protection service and saw more than a million take up the offer in under 24 hours.
Ants in your pants
Cybersecurity firm Sygnia last month detailed Weaver Ant, a China-nexus threat actor infiltrating an unnamed but major telecom provider. Using web shells and tunnelling, the attackers maintained persistence and facilitated cyber espionage. The company said the threat actor aimed to gain and maintain continuous access to telecommunication providers and facilitate cyber espionage by collecting sensitive information.
The list continues. In February, NTT Communications detected unauthorised access to its internal Order Information Distribution System. The breach potentially exposed sensitive data of approximately 17,891 corporate clients, including contract numbers, company names, contact details, and service usage information.
In the same month, Orange Romania suffered a cyberattack attributed to the HellCat ransomware group. The attacker, known as “Rey,” exploited vulnerabilities in Orange’s Jira software and internal portals, leading to the exfiltration of over 6.5GB of data.
On Wednesday this week, the leaders of a US congressional committee moved to force China’s three telecom giants to cooperate with an investigation into their alleged support for the Chinese military and government, according to letters seen by Reuters.
US lawmakers continue to express concern over the Chinese telecoms’ US operations following high-profile Chinese-led cyberattacks, including Volt Typhoon, which the FBI said has allowed China to gain access to American telecommunications, energy, water and other critical infrastructure.
In the US, the China-backed hacking group Salt Typhoon was implicated in cyberattacks against at least nine US telecommunications firms. These attacks targeted systems facilitating legal access requests for law enforcement, compromising sensitive data and raising national security concerns.
Biggest risk
Cyber incidents, such as ransomware attacks, data breaches and IT disruptions, rank as the top global risk in the Allianz Risk Barometer this year – and by a higher margin than ever before. Ten years ago, cyber risk ranked only #8 globally with just 12% of responses, compared with 38% in 2025.
“For many companies, cyber risk, exacerbated by rapid development of AI, is the big risk overriding everything else,” said Allianz Commercial global head of cyber risk consulting Rishi Baviskar. “Concern is widening worldwide. Cyber is the top risk across North and South America, in Europe and Africa, and comes out on top in 20 countries in both developed and emerging economies.”
In January, EY’s telecom sector risks highlighted how AI misuse was making security more difficult as well. AI is making cyberattacks smarter, while 57% of telcos the consultants surveyed are concerned about security attacks impacting physical assets at a time when sabotage affecting subsea internet cables is on the rise.
MTN’s response
MTN said it had also informed the relevant country authorities about the data leak and said it will continue to update them on an ongoing basis while working closely with them and law enforcement agencies in supporting their investigations. “We are in the process of notifying affected customers in compliance with local legal and regulatory obligations,” the operator stated.