Cyber Incident Victim: Telecom Namibia
Date:
Dec 2024
Location:
Namibia
Summary
Telecom Namibia experienced a cybersecurity incident involving unauthorized access to customer data, including ID numbers, payslips, and banking details, which was subsequently leaked on the dark web by the threat actor Hunters International. The breach occurred after the organization refused to comply with ransom demands, contradicting initial statements that no sensitive information was compromised. The attack was contained prior to the leak, preventing further system compromises, but stolen data from the earlier intrusion was published. The company is collaborating with law enforcement and cybersecurity experts to mitigate risks, while cautioning the public against circulating or misusing the exposed information for fraudulent activities.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
Telecom Namibia experienced a cybersecurity incident involving unauthorized access to customer data, which was later leaked on the dark web. The company first detected the breach on 13 December 2024 when customer data appeared on dark web platforms, though forensic investigations traced the initial compromise to approximately three weeks prior to that date. The threat actor responsible was identified as Hunters International, a cybercrime group. Telecom Namibia’s CEO, Dr. Stanley Shanapinda, initially downplayed the severity of the incident, asserting no sensitive information was exposed. Subsequent analysis contradicted this early assessment, confirming the theft of sensitive customer data including ID numbers, payslips, and banking details. The company stated it contained the threat within the three-week window preceding the dark web leak, preventing further attacks on its systems or third-party networks. Telecom Namibia explicitly linked the data leak to its refusal to negotiate or pay any ransom demanded by the attackers.
The confirmed data exposure prompted Telecom Namibia to collaborate with law enforcement agencies and cybersecurity experts to mitigate risks and pursue legal action against the perpetrators. The company issued a public advisory on 16 December 2024, urging customers to update passwords for personal devices, Wi-Fi networks, email accounts, and other digital assets. It warned against circulating or misusing the leaked data, emphasizing that such actions constitute criminal offenses. Customers were also instructed to reject suspicious monetary requests and report fraudulent attempts via Telecom Namibia’s Jiva Tip Off Hotline or dedicated email channel. The incident highlighted a discrepancy between the CEO’s initial denial and the eventual confirmation of significant data compromise. Telecom Namibia reiterated its implementation of enhanced safeguards for confidential data but did not disclose technical specifics of the attack vector, containment measures, or the total number of affected individuals. No additional system compromises or operational disruptions beyond the confirmed data theft were reported following the containment.