Personal data breached as African, South Korean telcos suffer cyberattacks

Africa’s largest mobile network operator, MTN Group, recently confirmed a massive cyberattack aimed at its services in a number of countries where it has operations.

The MNO said while the incident resulted in unauthorised access to personal data, its core critical infrastructure was untouched by the breach, according to a recent statement from the company.

“An unknown third-party has claimed to have accessed data linked to parts of our systems. At this stage, we do not have any information to suggest that customers’ accounts and wallets have been directly compromised. The Group immediately activated its cybersecurity response processes including informing the South African Police Service (SAPS) and the Hawks in South Africa,” MTN said.

The statement added: “We also informed the relevant country authorities and will continue to update them on an ongoing basis while working closely with them and law enforcement agencies in supporting their investigations. We are in the process of notifying affected customers in compliance with local legal and regulatory obligations.”

As part of efforts to mitigate any risks of unauthorised access to customers’ personal detail, the telco listed a number of security tips, which include keeping MTN, MoMo and banking apps and devices updated, using strong and unique passwords for accounts and changing them regularly, and being cautious of unexpected messages and not clicking on suspicious links, among other safety measures.

MTN didn’t mention the affected markets but governments in some of the telco’s big markets have responded to the situation and launched investigations to get clarity on the situation.

In Ghana, for example, the Data Protection Commission says it is probing the incident. In a statement, the body said it was working closely with authorities of MTN in order to understand what exactly happened and the potential risks arising thereof, Citi Newsroom reports.

The Commission has vowed that it will invoke the necessary disciplinary measures in force should its probe turn up any liability on MTN Ghana or MTN Group. The body reiterated its commitment to working for the protection of the personal data and privacy rights of Ghanaians, while calling on all public and private institutions to register with the Commission.

In Nigeria, which is MTN’s largest market, an unnamed source within the company told local daily Leadership that its operations were not affected by the breach. The source added that all services and systems run by MTN Nigeria were up and running properly.

SK Telecom criticized for SIM breach, slow response

Millions of South Koreans are scrambling to secure their personal accounts after a breach of data from subscriber identity modules on SK Telecom’s network.

The breach occurred on April 18, and the company has launched enhanced fraud detection and USIM protection services in response. SK Telecom subscribers have shared tips online such as reinstalling the PASS digital identity app or reauthenticating to it, or resetting identity verification for mobile banking apps, The JoongAng reports. The website for the Korea Information & Communication Promotion Association’s MSafe mobile identity theft protection service exhibited slower performance amidst a spike in visitor traffic.

A separate report from The JoognAng describes frustration among subscribers at a 10-day delay between the breach and an announcement from SK Telecom that it will replace the SIMs of all subscribers.

There are nearly 25 million subscribers to SK Telecom, between direct subscriptions and third-party carriers.

Article Topics

Africa  |  cybersecurity  |  data protection  |  MTN Group  |  SK Telecom  |  South Korea  |  telecom