Confidential Information Exposed Following Ransomware Attack on Namibian Telecoms Firm

Namibia’s state-owned telecommunications company has experienced a ransomware attack, which has led to the exposure of sensitive customer data, reportedly including details concerning high-ranking government officials. Telecom Namibia stated that the data was released after the company declined to engage with a group of hackers known as Hunters International. The company further indicated that it is currently investigating how such a significant system breach occurred. Outgoing President Nangolo Mbumba condemned the cyberattack. His spokesman, Alfredo Hengari, was quoted by The Namibian newspaper stating that the President urged for the incident to be addressed with the “urgency it deserves” and emphasized that cybersecurity is a matter of national security. Local media reports indicate that the perpetrators acquired close to 500,000 data points, encompassing personal and financial details pertinent to government ministries, senior government officials, and other clients of the company. In a statement issued on Monday, Telecom Namibia revealed that it had only become aware last Friday that certain customer data had been disseminated on the dark web. Chief executive Stanley Shanapinda explained that the hackers made the compromised data public after Telecom Namibia communicated its unwillingness to negotiate with them over the demanded ransom. Shanapinda further noted that initially, it appeared no sensitive information had been affected. Confidential customer records, such as personal identification particulars, residential addresses, and banking account details, are reportedly among the leaked information that has been circulated on social media platforms. Telecom Namibia has stated its collaboration with security authorities to “minimise any further exposure and bring the criminals to justice.” Concurrently, the company has issued a caution advising individuals against sharing any of the compromised data. “We caution that anyone that uses and/or circulates any personal information that has been leaked will be committing a criminal offence,” stated Mr. Shanapinda. Furthermore, the company has advised its customers to update passwords on their personal devices and to refrain from conducting money transfers under questionable conditions. Ransomware is defined as malicious computer software designed to encrypt data and lock devices until a payment is made. Similar to the situation involving Telecom Namibia, ransomware attackers commonly intensify pressure on victims to transfer funds, often in cryptocurrency, to an untraceable digital wallet. These attackers typically establish a deadline for the payment transfer, failing which they threaten to release potentially sensitive data publicly. In an interview with local media, Mr. Shanapinda affirmed that the company would not “negotiate with cyber-terrorists.” He elaborated, “We know the sums they’re asking for are exorbitant and unaffordable, so there’s no reason to even consider discussing it. And even if you do pay a ransom, there’s no guarantee the information won’t still be leaked.”