MTN Group, MultiChoice, Cell C, Access Bank, Ministry of Labour and Directorate General of Taxes and Domains: In 2025, cyber breaches in Africa became harder to hide

**2025: Africa’s Cybersecurity Landscape Forced Into the Open**

2025 marked a turning point for cybersecurity in Africa, as regulatory pressure, high-profile breaches, and evolving threats stripped away the luxury of secrecy. Governments and organizations across the continent faced new mandates to disclose incidents, exposing vulnerabilities that had long been downplayed—or ignored.

Regulatory Crackdowns Force Transparency

Algeria led the charge with a strict five-day breach reporting window, imposing heavy fines for non-compliance. Kenya and South Africa followed suit, tightening disclosure rules to treat cyber incidents as public events rather than internal IT issues.

  • Kenya required operators to notify data controllers within 48 hours of a breach, with preliminary reports to the Office of the Data Protection Commissioner (ODPC) due in 72 hours—even if full details were unclear. Delays now carried regulatory risks, including fines and potential loss of data-processing rights.
  • South Africa revamped its Protection of Personal Information Act (POPIA) in April 2025, mandating online breach reports that detailed the incident, affected data, containment efforts, and victim guidance. The Information Regulator logged 2,374 breaches in the 2024/25 financial year, with 82% occurring after April 2025—a surge attributed to stricter reporting rather than a sudden spike in attacks.
  • Zambia reclassified cybersecurity as a critical-infrastructure issue, splitting its laws into a Cyber Security Act (for providers and critical sectors) and a Cyber Crimes Act (for offenses). Designated operators—spanning energy, finance, health, and transport—now face annual audits, mandatory incident reporting, and fines up to ZMW 1.2 million ($48,000), with prison terms of up to 10 years for severe violations.

High-Profile Breaches Expose Systemic Weaknesses

The new transparency requirements laid bare the scale of Africa’s cyber vulnerabilities, with attacks disrupting essential services and exposing sensitive data.

  • Healthcare Under Siege: Kenya’s M-TIBA suffered a major breach in October 2025, with hackers dumping stolen data on Telegram to pressure the platform into paying ransoms. The incident mirrored 2024’s South African National Health Laboratory Service (NHLS) breach, reinforcing healthcare as a prime target.
  • Telecoms as Identity Vaults: Telecom operators, once considered resilient, became lucrative targets.
    • Telecom Namibia (December 2024) faced a ransomware attack that crippled operations, with attackers leaking billing data of government officials after the company refused to pay.
    • Cell C (January 2025) suffered a breach by RansomHouse, which published stolen customer data on the dark web.
    • MTN Group disclosed breaches in South Africa (April 2025) and Ghana (April 28), affecting thousands of subscribers and triggering a criminal investigation in South Africa.
  • Critical Infrastructure Hit: Attacks on South Africa’s Eskom (December 2024) revealed a 2024 breach of its Online Vending System (OVS), where criminals exploited vulnerabilities to generate fraudulent prepaid electricity tokens, costing the utility R657 million–R1.1 billion ($39.5–$66 million). By September 2025, Eskom reported the fraud had been contained, but the incident underscored the financial and reputational costs of delayed disclosure.
  • Public Services Disrupted: The South African Weather Service (SAWS) (January 2025) saw key systems knocked offline, disrupting aviation and marine forecasts. In Namibia, a July attack on Otjiwarongo’s municipal systems blocked residents from accessing basic services.

Espionage and State-Linked Threats

Cyber espionage emerged as a silent but persistent threat, with state-linked groups targeting strategic sectors.

  • China’s Salt Typhoon was linked to attacks on South African telecom providers, seeking access to metadata and call records rather than causing disruption.
  • RedNovember, a suspected Chinese-linked group, allegedly breached South Africa’s State Security Agency (SSA) in September 2025. While officials denied the intrusion, the incident highlighted the risks of state-sponsored cyber operations targeting high-profile government entities.
  • Ransomware gangs shifted focus to ports, utilities, and logistics, with South Africa alone suffering $120 million in annual losses from such attacks.

Digital Skirmishes and Hacktivism

Cyber operations became tools of geopolitical conflict, with hacktivist groups escalating tensions.

  • In April 2025, Moroccan-linked hackers compromised Algeria’s state news agency’s X account, renaming it to "Sahara Marocain" in a provocative move.
  • Pro-Algerian group Jabaroot retaliated by hacking Morocco’s National Social Security Fund, exposing 2 million citizens’ personal and financial data, and later defacing the Ministry of Labour’s website. The tit-for-tat attacks left civilians’ data as collateral damage.

The Human Factor: Insiders and AI-Driven Scams

2025 also saw insider threats and AI-powered social engineering reshape cybercrime.

  • Nigeria’s Access Bank uncovered a ₦826 million ($569,345) fraud scheme, where employees allegedly diverted funds through a fake internal revenue account.
  • West Africa’s BEC syndicates, like Black Axe, industrialized their operations, while AI-driven deepfake scams—including voice-cloning CEO fraud and digital sextortion—made traditional warning signs obsolete.

Enforcement and the Cost of Negligence

Regulators began imposing real financial consequences for poor cybersecurity practices.

  • INTERPOL arrested 1,209 cybercriminals across 18 African countries in a coordinated operation.
  • Nigeria’s Data Protection Commission (NDPC) fined MultiChoice ₦766 million ($528,000) for failing to protect consumer data, signaling that data stewardship would no longer go unpunished.

A Continent at a Crossroads

By 2025, Africa had lost over $3 billion to cybercrime since 2019, per INTERPOL, with 90% of businesses lacking adequate cybersecurity protocols. Only 30% of African countries had incident reporting systems, and cybersecurity spending remained heavily skewed toward reactive measures rather than proactive defenses.

As the year closed, the fear was no longer just breaches—it was being seen as unprepared, evasive, or ordinary in the face of a problem that could no longer be managed in silence. The era of quiet containment was over.

Source: https://realnewsmagazine.net/in-2025-cyber-breaches-in-africa-became-harder-to-hide/

MTN cybersecurity rating report: https://www.rankiteo.com/company/mtn

MultiChoice Group cybersecurity rating report: https://www.rankiteo.com/company/multichoicegroup

Cellnex Telecom cybersecurity rating report: https://www.rankiteo.com/company/cellnextelecom

Access Intelligence cybersecurity rating report: https://www.rankiteo.com/company/access-intelligence

Ministry of Industrialization, Trade & Enterprise Development - Kenya. cybersecurity rating report: https://www.rankiteo.com/company/ministry-of-industrialization-trade-enterprise-development-kenya

Cyber Directorate cybersecurity rating report: https://www.rankiteo.com/company/cyber-directorate

"id": "MTNMULCELACCMINCYB1767603186",
"linkid": "mtn, multichoicegroup, cellnextelecom, access-intelligence, ministry-of-industrialization-trade-enterprise-development-kenya, cyber-directorate",
"type": "Breach",
"date": "1/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'industry': 'Healthcare',
                        'location': 'Kenya',
                        'name': 'M-TIBA',
                        'type': 'Healthcare Platform'},
                       {'industry': 'Telecommunications',
                        'location': 'Namibia',
                        'name': 'Telecom Namibia',
                        'size': 'State-owned',
                        'type': 'Telecom Provider'},
                       {'industry': 'Telecommunications',
                        'location': 'South Africa',
                        'name': 'Cell C',
                        'type': 'Mobile Operator'},
                       {'customers_affected': '5,700 (Ghana)',
                        'industry': 'Telecommunications',
                        'location': ['South Africa', 'Ghana'],
                        'name': 'MTN Group',
                        'size': 'Multinational',
                        'type': 'Telecom Provider'},
                       {'industry': 'Meteorology',
                        'location': 'South Africa',
                        'name': 'South African Weather Service (SAWS)',
                        'type': 'Government Agency'},
                       {'industry': 'Public Services',
                        'location': 'Namibia',
                        'name': 'Otjiwarongo Municipal Systems',
                        'type': 'Municipal Government'},
                       {'industry': 'Energy',
                        'location': 'South Africa',
                        'name': 'Eskom',
                        'size': 'State-owned',
                        'type': 'Power Utility'},
                       {'industry': 'Taxation and Land Administration',
                        'location': 'Senegal',
                        'name': 'Senegal Directorate General of Taxes and '
                                'Domains (DGID)',
                        'type': 'Government Agency'},
                       {'industry': 'Banking',
                        'location': 'Nigeria',
                        'name': 'Access Bank',
                        'size': 'Largest by assets',
                        'type': 'Financial Institution'},
                       {'industry': 'Entertainment',
                        'location': 'South Africa (Multinational)',
                        'name': 'MultiChoice',
                        'size': 'Multinational',
                        'type': 'Media Company'},
                       {'customers_affected': '2 million citizens',
                        'industry': 'Social Security',
                        'location': 'Morocco',
                        'name': 'Morocco’s National Social Security Fund',
                        'type': 'Government Agency'},
                       {'industry': 'Media',
                        'location': 'Algeria',
                        'name': 'Algeria’s State News Agency',
                        'type': 'Government Agency'},
                       {'industry': 'Labor',
                        'location': 'Morocco',
                        'name': 'Morocco’s Ministry of Labour',
                        'type': 'Government Agency'},
                       {'industry': 'Intelligence',
                        'location': 'South Africa',
                        'name': 'State Security Agency (SSA)',
                        'type': 'Government Agency'}],
 'attack_vector': ['Phishing',
                   'Exploited Vulnerabilities',
                   'Insider Collusion',
                   'AI-Driven Social Engineering',
                   'Ransomware'],
 'customer_advisories': ['South Africa (MTN breach)', 'Kenya (M-TIBA breach)'],
 'data_breach': {'data_encryption': ['Ransomware encryption (Senegal DGID)'],
                 'data_exfiltration': ['Published on Telegram (M-TIBA)',
                                       'Dark web (Cell C)',
                                       'Public channels (Morocco)'],
                 'number_of_records_exposed': ['Tens of thousands (Morocco)',
                                               '5,700 (MTN Ghana)'],
                 'personally_identifiable_information': ['Yes (Morocco, MTN, '
                                                         'Telecom Namibia)'],
                 'sensitivity_of_data': ['High (PII, financial, government)'],
                 'type_of_data_compromised': ['Personal data',
                                              'Financial data',
                                              'Billing data',
                                              'Tax records',
                                              'Metadata',
                                              'Call records',
                                              'Weather data',
                                              'Prepaid tokens']},
 'date_publicly_disclosed': '2025',
 'description': 'A summary of major cybersecurity breaches and regulatory '
                'changes across African companies in 2025, highlighting '
                'increased disclosure requirements, high-profile attacks, and '
                'evolving threats.',
 'impact': {'brand_reputation_impact': ['Loss of customer trust',
                                        'Public exposure of breaches',
                                        'Negative media coverage'],
            'data_compromised': ['Sensitive billing data',
                                 'Customer data',
                                 'Personal and financial information',
                                 'Tax records',
                                 'Weather data',
                                 'Prepaid electricity tokens',
                                 'Metadata and call records'],
            'downtime': ['Disrupted aviation and marine forecasts (SAWS)',
                         'Blocked municipal services (Otjiwarongo)',
                         'Telecom outages (Telecom Namibia, Cell C)'],
            'financial_loss': ['$39.5 million–$66 million (Eskom)',
                               '$120 million annually (South Africa)',
                               '₦826 million ($569,345) (Access Bank)',
                               '$3 billion (Africa, 2019-2025)'],
            'identity_theft_risk': ['Exposure of personally identifiable '
                                    'information',
                                    'Fraud and extortion risks'],
            'legal_liabilities': ['Fines up to ZMW 1.2 million ($48,000) '
                                  '(Zambia)',
                                  'Prison terms up to 10 years (Zambia)',
                                  'Regulatory sanctions (Kenya, South Africa)'],
            'operational_impact': ['Delayed breach disclosures',
                                   'Regulatory fines and sanctions',
                                   'Loss of data processing rights',
                                   'Increased scrutiny and audits'],
            'payment_information_risk': ['Fraudulent power tokens (Eskom)',
                                         'Exposed billing data (Telecom '
                                         'Namibia)'],
            'revenue_loss': ['$39.5 million–$66 million (Eskom)',
                             '₦766 million ($528,000) fine (MultiChoice)'],
            'systems_affected': ['Telecom systems',
                                 'Healthcare platforms (M-TIBA)',
                                 'Weather services (SAWS)',
                                 'Municipal systems (Otjiwarongo)',
                                 'Power utility systems (Eskom OVS)',
                                 'Tax authority systems (Senegal)',
                                 'Government login portals (Kenya)']},
 'initial_access_broker': {'data_sold_on_dark_web': ['Yes (Cell C)'],
                           'high_value_targets': ['Telecom providers',
                                                  'Government agencies',
                                                  'Critical infrastructure']},
 'investigation_status': ['Ongoing (MTN South Africa)',
                          'Denied (SSA breach)',
                          'Contained (Senegal DGID)'],
 'lessons_learned': 'Breaches are harder to hide due to stricter reporting '
                    'requirements; telecoms and critical infrastructure are '
                    'prime targets; insider threats and AI-driven social '
                    'engineering are growing risks; regulatory fines and '
                    'sanctions are increasing.',
 'motivation': ['Financial Gain',
                'Espionage',
                'Hacktivism',
                'Extortion',
                'Fraud',
                'Retaliation'],
 'post_incident_analysis': {'corrective_actions': ['Stricter breach reporting',
                                                   'Annual audits (Zambia)',
                                                   'Enhanced monitoring',
                                                   'Network segmentation',
                                                   'Proactive threat hunting'],
                            'root_causes': ['Weak security controls',
                                            'Delayed reporting',
                                            'Insider collusion',
                                            'Lack of encryption',
                                            'Insufficient monitoring',
                                            'Regulatory gaps']},
 'ransomware': {'data_encryption': ['Yes (Senegal DGID)'],
                'data_exfiltration': ['Yes (Cell C, M-TIBA)'],
                'ransomware_strain': ['RansomHouse (Cell C)']},
 'recommendations': 'Invest in proactive cybersecurity measures (monitoring, '
                    'threat hunting, testing); improve incident response and '
                    'disclosure processes; enhance insider threat detection; '
                    'adopt stricter regulatory compliance; increase '
                    'cybersecurity spending beyond basic perimeter tools.',
 'references': [{'date_accessed': '2025-01-05', 'source': 'TechCabal'},
                {'source': 'INTERPOL Africa Cyberthreat Assessment Report'},
                {'source': 'PwC Report on Cybersecurity Spending'},
                {'date_accessed': '2025-11', 'source': 'MyBroadBand'},
                {'source': 'Recorded Future'}],
 'regulatory_compliance': {'fines_imposed': ['₦766 million ($528,000) '
                                             '(MultiChoice)',
                                             'Up to ZMW 1.2 million ($48,000) '
                                             '(Zambia)'],
                           'legal_actions': ['Criminal investigation (MTN '
                                             'South Africa)',
                                             'Prison terms (Zambia)'],
                           'regulations_violated': ['POPIA (South Africa)',
                                                    'Kenya Data Protection Act',
                                                    'Zambia Cyber Security Act',
                                                    'Nigeria Data Protection '
                                                    'Regulation'],
                           'regulatory_notifications': ['Kenya (ODPC)',
                                                        'South Africa '
                                                        '(Information '
                                                        'Regulator)',
                                                        'Zambia (Cyber '
                                                        'Security Agency)']},
 'response': {'communication_strategy': ['Public disclosures (Kenya, South '
                                         'Africa)',
                                         'Regulatory notifications'],
              'containment_measures': ['Enhanced monitoring',
                                       'Network segmentation',
                                       'Quiet containment (Senegal DGID)'],
              'law_enforcement_notified': ['South Africa (MTN breach)',
                                           'INTERPOL (coordinated arrests)'],
              'remediation_measures': ['Reduced fraud activity (Eskom)',
                                       'System recovery (Otjiwarongo)']},
 'threat_actor': ['RansomHouse',
                  'Salt Typhoon (China-linked)',
                  'RedNovember (China-linked)',
                  'Black Axe',
                  'Jabaroot (Hacktivist)',
                  'Pro-Moroccan Hackers',
                  'Unknown Criminal Syndicates'],
 'title': 'African Cybersecurity Breaches in 2025',
 'type': ['Data Breach',
          'Ransomware',
          'Espionage',
          'Social Engineering',
          'DDoS',
          'Insider Threat'],
 'vulnerability_exploited': ['Weak Security Controls',
                             'Delayed Incident Reporting',
                             'Lack of Encryption',
                             'Insufficient Monitoring',
                             'Insider Access Abuse']}