Front Page News, National

Telecom hit by massive cyberattack … over 400 000 files ‘leaked’ 

2024-12-162024-12-16By Paheja Siririka
Telecom hit by massive cyberattack … over 400 000 files ‘leaked’ 

Telecom Namibia has been hit by a cyber incident involving customers’ data leaks.

Since then, the company has been assessing the full scope and extent of the attack with the help of local and international cybersecurity experts.

CEO Stanley Shanapinda said Telecom Namibia is committed to addressing this matter responsibly, and will issue a detailed statement soon.

“As cyber incidents have become widespread and a common occurrence, we have recently identified and, in time, successfully contained a cyber reconnaissance mission, thanks to our advanced incident monitoring and detection systems and protocols as per our updated cybersecurity policies and controls,” he stated in a ‘confidential’ communique.

On 11 December 2024, Telecom Namibia fell victim to a ransomware attack, allegedly orchestrated by a group known as Hunters International.

This ransomware-as-a-service operation exfiltrated an estimated 626.3GB of data, comprising 492,633 files.

Yesterday, Communications Regulatory Authority of Namibia (Cran) CEO Emilia Nghikembua said they take cybersecurity very seriously.

“Through the Namibia Cyber Security Incident Response Team (NAM-CSIRT), Cran promptly responded upon identifying the attack, and continues to support the affected operator in mitigating its impact,” she added.

Nghikembua highlighted that while Namibia does not yet have a dedicated cybercrime and data protection law, Cran, through NAM-CSIRT, ensures compliance with international best-practices. “The NAM-CSIRT encourages operators and all owners of CI and CII to adopt internationally-recognised best-practices, including encryption and regular security assessments, to enhance cybersecurity resilience,” she stated. It is thus crucial for all stakeholders to invest in proactive cybersecurity measures as the protection of national critical infrastructure requires collective action, strategic planning and a commitment to compliance with global standards.

Nghikembua encouraged stakeholders to swiftly report any incidents to NAM-CSIRT to ensure timely and effective incident handling and support.

Commenting on the incident, IT risk expert Thomas Hamata said the Telecom cyberattack is a reminder of the stakes in today’s digital landscape. For businesses, cybersecurity is no longer optional – it is a foundational requirement.

This incident also highlights the pressing need for Namibia to enforce its Data Protection Act, as the lack of statutory penalties may embolden poor data security practices across organisations. “The attackers set a ransom deadline, threatening to release the stolen data if their demands were not met. When the deadline passed, hundreds of sensitive customer records, including IDs, addresses and banking details were leaked, and began circulating on social media,” said Hamata.

He added that Namibia’s Data Protection Act, which could impose significant fines and penalties for such data breaches, has not yet been enforced, leaving customers with limited recourse under statutory law. However, common law principles may allow for claims of damages due to negligence in safeguarding data.

He added: “For Telecom customers, this breach is more than a corporate cybersecurity failure – it’s a personal privacy crisis. Leaked data could expose individuals to identity theft, financial fraud and phishing scams. Sensitive information like bank account details, personal IDs and contractual records are now potentially accessible to malicious actors on the dark web.”

Hamata said the breach furthermore raises broader questions about organisational responsibility and the long-term risks to customers, and that public circulation of this data on social media increases the likelihood of targeted phishing attacks, where cybercriminals use leaked information to craft convincing scams aimed at stealing even more personal or financial details. “These attacks could lead to severe financial and psychological consequences for affected individuals, including long-term damage to their financial security and creditworthiness. This cyberattack serves as a stark reminder of the steps businesses must take to protect their systems and customers’ data from increasingly sophisticated threats,” he observed.

psiririka@nepc.com.na