MTN suffers cybersecurity breach, says ‘unknown third party’ responsible

MTN Group says it suffered a cybersecurity incident that led to unauthorised access to the personal data of some customers in selected markets.

In a statement on Thursday, the telecoms giant assured stakeholders that its core infrastructure — including its network, billing systems, and financial services platforms — remains secure and fully operational.

The company said an unknown third party claimed responsibility for accessing parts of its system, but added that there was currently no indication that customers’ accounts or mobile money wallets were compromised.

“At this stage, we do not have any information to suggest that customers’ accounts and wallets have been directly compromised,” MTN said.

MTN said it immediately activated its cybersecurity response procedures, including informing the South African Police Service (SAPS) and the Directorate for Priority Crime Investigation, known as the Hawks.

The group said it had also notified the relevant authorities in the affected countries and would continue to work closely with them and law enforcement to support ongoing investigations.

In line with regulatory obligations, the network provider said it had begun notifying affected customers.

The telecoms company urged users to remain vigilant and observe standard security practices, including setting strong passwords, avoiding suspicious messages, and enabling multifactor authentication where available.

“The privacy of information is our top priority, and MTN remains committed to safeguarding the integrity of our systems and the trust placed in us by our customers and other stakeholders,” it said.

“To mitigate any fraudulent consequences, a fraud alert can be placed on an individual’s credit report at any of the major credit bureaus.

“Keep MTN, MoMo and banking apps and devices updated.

“Use strong, unique passwords for accounts and change them regularly.

“Be cautious of unexpected messages and do not click on suspicious links.

“Do not disclose information such as passwords, PINs and OTP when asked to do so by phone, text message or email.

“Where multifactor authentication is available, it should be activated.”

MTN added that it would continue to contain and manage the situation “carefully” while keeping stakeholders updated.