Pierluigi Paganini@Security Affairs
//
African multinational telecommunications company, MTN Group, has disclosed a cybersecurity breach that exposed the personal information of some of its subscribers. The breach has raised significant concerns about data security and the potential regulatory and legal repercussions the company may face. MTN operates across various African markets and is therefore subject to stringent national data protection laws, such as South Africa’s Protection of Personal Information Act (POPIA) and Nigeria’s Data Protection Regulation (NDPR). These regulations mandate strict data handling and security measures, with non-compliance potentially leading to substantial fines and legal actions.
MTN's immediate response included collaboration with law enforcement, specifically the South African Police Service and the Directorate for Priority Crime Investigation, underscoring the seriousness of the situation. While MTN has assured stakeholders that its core networks and financial systems remain secure, the incident has nonetheless triggered concerns about the overall robustness of the company's cybersecurity defenses. An investigation is currently underway to determine the full scope and impact of the breach, as the company seeks to understand how the attackers were able to compromise customer data. The breach poses a significant challenge to MTN's brand reputation and customer trust, particularly given its extensive subscriber base of nearly 300 million users. Restoring confidence will require transparent communication with affected customers and the implementation of robust cybersecurity measures to prevent future incidents. The company has already begun notifying impacted customers and is working to comply with all local legal and regulatory obligations. While the precise financial consequences of the breach are still unknown, the incident highlights the growing threat of cyberattacks against telecommunications companies and the critical importance of maintaining strong data protection practices. References :
Classification:
@www.ic3.gov
//
The FBI has issued a public appeal for information regarding a widespread cyber campaign targeting US telecommunications infrastructure. The activity, attributed to a hacking group affiliated with the People's Republic of China and tracked as 'Salt Typhoon,' has resulted in the compromise of multiple U.S. telecommunications companies and others worldwide. The breaches, which have been ongoing for at least two years, have led to the theft of call data logs, a limited number of private communications, and the copying of select information subject to court-ordered U.S. law enforcement requests. The FBI is seeking information about the individuals who comprise Salt Typhoon and any details related to their malicious cyber activity.
The FBI, through its Internet Crime Complaint Center (IC3), is urging anyone with information about Salt Typhoon to come forward. The agency's investigation has uncovered a broad and sophisticated cyber operation that exploited access to telecommunications networks to target victims on a global scale. In October, the FBI and CISA confirmed that Chinese state hackers had breached multiple telecom providers, including major companies like AT&T, Verizon, Lumen, Charter Communications, Consolidated Communications, and Windstream, as well as dozens of other telecom companies in numerous countries. In an effort to incentivize informants, the U.S. Department of State’s Rewards for Justice (RFJ) program is offering a reward of up to US$10 million for information about foreign government-linked individuals participating in malicious cyber activities against US critical infrastructure. The FBI is accepting tips via TOR in a likely attempt to attract potential informants based in China. The agency has also released public statements and guidance on Salt Typhoon activity in collaboration with U.S. government partners, including the publication of 'Enhanced Visibility and Hardening Guidance for Communications Infrastructure.' Salt Typhoon is also known by other names such as RedMike, Ghost Emperor, FamousSparrow, Earth Estries, and UNC2286. References :
Classification:
|