Telecom Namibia enlists international cybersecurity experts after hackers leak 630GB of data

Unidentified international cybersecurity experts have come to Telecom Namibia’s rescue after hackers leaked about 630GB of its data.

This was disclosed yesterday by Telecom Namibia (TN) chief executive Stanley Shanapinda at a press conference hosted by the Ministry of Information and Communication Technology in Windhoek.

Questions have been raised over whether the company had encrypted customers’ personal information.

Shanapinda, however, said the data theft was insignificant considering the total amount of data in TN’s hands.

“We engaged international cybersecurity experts to investigate and find the root cause and issue us with a report.

“That was done within hours of detecting that data was being copied, because that was very abnormal.

It was picked up by our security incident management system.

“We cut the access to the hacker so they don’t copy any further files and load it up to the cloud.

Now, the data that was copied was roughly 626 GB That amount represents only 1.69% of all the data we have at Telecom Namibia,” he said.

Telecom has access to over 37 000GB or 37TB of data.

A total of 619 000 TN clients have been affected thus far, TN said.

These include the Office of the President, airlines, regional and town councils, universities, mining companies, car dealerships and restaurants.

Shanapinda said due to the swift action in identifying the hacker, no further files were copied from the company.

“I want to correct one particular report in today’s [Tuesday’s] Windhoek Observer that indicated that a virus compromised our system. There was no virus. What the attacker did is what they call in cybersecurity ‘living off the land’. It’s unauthorised access through a virtual private network, or VPN.” Shanapinda said once hackers enter their system they use legitimate files that are already part of the system “that you would use to copy and move documents and create subfolders”.

They do this to hide in plain sight, he said. Executive director in the Office of the Prime Minister, I-Ben Nashandi, has in the meantime said the hack is not a sign of weak cybersecurity on TN’s part. “This particular incident, just like when you build your house at Swakopmund and you live in Windhoek, when you leave it there unprotected, be assured there will be people who will be tempted to break into it. It’s the same thing with information, because it has become so available now in the cloud,” he said.

Nashandi did not provide information on exchanges between president Nangolo Mbumba, TN and the Office of the Prime Minister.

He said his office became concerned when they realised some of the stolen data belongs to the president’s office. “What we have understood from Telecom is that the information that has been hacked pertains to information of clients submitted to Telecom when they applied for services.

“What is not correct is that the information that is out there is that of the Office of the President,” he said. Executive director of health and social services Ben Nangombe earlier this week confirmed that his ministry has been targeted in the cyberattack.

“The work that has been done revealed that the attack did breach one of our dashboards, namely the pharmaceutical management information system,” he said. He said this system comprises data on essential medicine stocks and the number of patients enrolled for particular services at healthcare facilities.