Data Protection Commission Probes MTN Ghana Over Potential Cybersecurity Breach, Vows Sanctions if MTN Ghana Found Negligent
The Data Protection Commission (DPC) has announced that it is investigating a potential cybersecurity breach that has led to the unauthorised access of personal information belonging to some customers of telecom giant MTN Ghana.
According to the Commission, MTN has confirmed that while personal data may have been exposed, the breach did not affect its core network, billing systems, or financial services infrastructure.
In a statement issued on Friday, April 25, the Commission disclosed that it is working closely with MTN Ghana, the National Communications Authority (NCA), and the Cybersecurity Authority to ascertain the full extent of the breach.
“The Commission wishes to assure the people of Ghana that it is actively monitoring the situation and engaging closely with MTN Ghana, the National Communications Authority and the Cybersecurity Authority,” the DPC stated.
Should the investigation establish that the breach was a result of negligence, the Commission says it will invoke its enforcement powers under the Data Protection Act, 2012 (Act 843) to hold MTN Ghana and/or its parent company, MTN Group, accountable.
Reiterating its commitment to safeguarding the privacy rights of individuals, the Commission stressed that the protection of personal data is a fundamental right under Act 843 and that all data controllers and processors must strictly adhere to its provisions.
The Commission further reminded public and private sector institutions of their legal obligation to register with the DPC – a measure designed to ensure transparency and accountability in data processing practices.
The DPC says it will continue to update the public as new developments unfold, maintaining its commitment to transparency and the protection of data in Ghana’s digital ecosystem.
Meanwhile, the DPC has urged the public to remain vigilant, observe digital safety practices, and report any suspicious activity to their service providers or the Commission.
MTN Group Discloses Cybersecurity Breach Affecting Customer Data In Selected Markets
The MTN Group on Thursday, April 24, 2025, reported a cybersecurity incident that led to unauthorised access to personal information of some of its customers across certain markets – with Ghana believed to be among the countries affected by the data breach.
According to the Johannesburg-based telco, the breach involved an unidentified third party who claimed to have accessed data linked to certain parts of its systems. However, it added that there is currently no evidence suggesting that customers’ accounts and mobile money wallets have been directly affected.
“At this stage, we do not have any information to suggest that customers’ accounts and wallets have been directly compromised,” MTN said.
The Group noted that its critical infrastructure, including core network systems, billing platforms and financial services infrastructure, remain secure and fully operational.
“Our core network, billing systems and financial services infrastructure remain secure and fully operational,” MTN assured.
The telco giant, however, noted that it continues to assess the situation and will provide updates as more information becomes available.
