MTN Group, one of Africa’s largest telecom providers, has confirmed a cybersecurity breach that resulted in unauthorized access to customer data in several markets. While the company hasn’t disclosed how many people were affected, it’s now confirmed that an extortion group is behind the intrusion.

MTN, headquartered in Johannesburg, South Africa, serves around 288 million customers across 18 countries. The company says the breach did not impact its core network, nor did it affect billing or financial services infrastructure. That’s a critical detail—especially for IT leaders tracking threats to telecoms and the broader digital supply chain.

According to an official notice, the attacker accessed parts of MTN’s systems and claimed to have retrieved customer-related data. MTN emphasized that no evidence currently suggests direct compromise of customer accounts or mobile wallets, but the situation remains fluid.

Once the breach was detected, MTN immediately activated its cyber incident response plan and began notifying regulators and authorities in South Africa and other affected jurisdictions. The company is now in the process of notifying impacted customers, in line with local legal and regulatory requirements.

The threat actor has made a demand, but MTN hasn’t disclosed the nature of that demand or whether negotiations are underway. The investigation is still ongoing, which is why specific details—like the number of users affected—are still being withheld.

For now, MTN is urging customers to stay vigilant and watch for any suspicious activity. The company maintains that data privacy and system integrity are top priorities, and says it is continuing efforts to contain and manage the breach carefully.

For those of us monitoring cybersecurity risks across telecom infrastructure, this incident is another reminder of how extortion tactics continue to evolve—and how critical it is to separate operational impact from data exposure during incident response.