20 December 2024
Telecom Namibia has confirmed that a hacker group exfiltrated customer data from its systems and posted it onto the dark web after the telco refused to pay a ransom to prevent it.
According to a statement from Telecom Namibia CEO Dr Stanley Shanapinda, a ransomware group called Hunters International breached its systems and downloaded the customer data files. Shanapinda said the customer data was posted on the dark web on Friday after Telecom Namibia refused to pay ransom to the group.
Telecom Namibia said that the breach happened three weeks ago, while a statement from the Communications Regulatory Authority of Namibia (CRAN) said that its Namibia Cyber Security Incident Response Team (NAM-CSIRT) detected the data exfiltration incident on 11 December.
Neither Telecom Namibia nor NAM-CSIRT specified how many files were stolen or how many customers were affected. Local media reports put the figure anywhere between 492,000-619,000, although all say that around 626.3GB of data was downloaded.
The list of affected customers includes at least eight government ministries, five regional councils and ten municipal governments, as well as corporate clients.
Telecom Namibia advised all customers to update passwords to their phones, laptops, Wi-Fi access points and email accounts, and to be extra cautious about potential fraud calls or emails asking for mobile payments.
Telecom Namibia said that it’s working with law enforcement agencies and cybersecurity experts to minimize further exposure and risk to its customers. NAM-CSIRT also confirmed it’s working with the telco to contain the breach. Emilia Nghikembua, CEO of CRAN and head of NAM-CSIRT, added that it’s crucial for all stakeholders to proactively invest in cybersecurity and comply with the international best practices – not least because Namibia doesn’t have a dedicated Cybercrime and Data Protection Law to mandate such compliance.
“This incident highlights the need for vigilance and collaboration to mitigate the ever-evolving cyber threats facing our nation,” said Nghikembua. “Protecting our national critical infrastructure requires collective action, strategic planning, and a commitment to compliance with global standards.”
