The government has launched an investigation into a security breach resulting in the personal information of over 619 000 Telecom Namibia (TN) clients being leaked online last week.
The more than 626.3 gigabytes of confidential information leaked on Saturday includes data from the Office of the President, medical records, airlines, regional and town councils, universities, mining companies, car dealerships and restaurants.
The leak comes after TN did not meet a three-day deadline given by extortionists Hunters International to pay an unknown ransom amount after the group hacked its system on 11 December.
TN chief executive Stanley Shanapinda this weekend did not respond to a request to reveal the ransom amount.
The telecommunications company, with an annual revenue of more than N$1.4 billion, saw 356 pages with clients’ information leaked onto the internet.
Minister of information and communication technology Emma Theofelus says all the relevant authorities are investigating the matter.
“The ministry, the Communications Regulatory Authority of Namibia, and the Namibian Police together with Telecom are investigating the matter,” she said over the weekend.
Theofelus warned the public to remain vigilant and not to click on suspicious links.
Among the affected institutions are also the Ministry of Agriculture, Water and Land Reform, the Ministry of Home Affairs, Immigration, Safety and Security, the Ministry of Works and Transport, the Ministry of Sport, Youth and National Service, the Ministry of Defence and Veterans’ Affairs, the Ministry of Education, Arts and Culture, the Ministry of Environment, Forestry and Tourism, and the Ministry of Fisheries and Marine Resources.
The Omaheke, Omusati, Oshikoto, Khomas and Kunene regional councils and the municipalities of Walvis Bay, Gobabis, Swakopmund, Lüderitz, Karasburg, Karibib, Keetmanshoop, Rehoboth, Maltahöhe and Oniipa have been compromised.
Qatar Airways Namibia, Ethiopian Airlines, Redforce Debt Management, the Government Institutions Pension Fund, the Roads Contractor Company, Reptile Uranium Namibia, QKR Namibia and PowerCom also had their data exposed.
WHAT’S THE DAMAGE?
Shanapinda on Saturday confirmed the breach, adding that the telecommunication operator is busy assessing the extent of the incident with local and international cybersecurity experts.
“Telecom Namibia is aware of the cyberincident involving the customer data leak. Since then, we have been assessing the full scope and extent of the incident with our local and international cybersecurity experts,” he said in a statement on X.
The government this year set aside N$20 million for the establishment of a National Cybersecurity Incident Response Team (Nam-CSIRT).
Cran chief executive and head of Nam-CSIRT Emilia Nghikembua says: “This incident highlights the need for vigilance and collaboration to mitigate the ever-evolving cyberthreats facing our nation.”
Nghikembua says Nam-CSIRT has been working with TN to ensure all the necessary measures are taken to contain and address the leak.
She says Namibia does not have a dedicated cybercrime and data protection law, but Nam-CSIRT encourages operators and all owners of critical information infrastructure to adopt internationally recognised encryption and regular security assessments to enhance cybersecurity resilience.
She urges stakeholders and the public to swiftly report any incidents to Nam-CSIRT to ensure timeous and effective incident handling and support.
To reduce the risk of future attacks, Nam-CSIRT advises organisations to implement proactive measures, such as multifactor authentication, regular vulnerability scans, timely software updates, and robust network segmentation.
“Securing access controls and deploying advanced detection and response tools are also essential for early threat identification,” she says.
GOVERNMENT IMPACT
The Ministry of Health and Social Services is also suspected to be compromised, with the risk of information being sold on the dark web.
Health minister Kalumbi Shangula did not comment by the time of going to print.
“I will revert back with responses,” he, however, promised.
Executive director of information and communication technology Audrin Mathe says the ministry cannot speculate on the extent of the breach until a proper investigation has been conducted, but advises the public to strengthen their cybersecurity measures.
“We will not speculate on the extent of breach until we learn more,” he says.
Mathe emphasises the government’s commitment to ensuring the protection of sensitive information and holding those responsible accountable.
Several files from the Office of the President, the Office of the Prime Minister, and the Office of the Auditor General have been leaked.
Office of the President spokesperson Dennis Shikwambi says the office cannot comment at this stage.