In 2025, MTN experienced a cybersecurity incident involving a legacy environment that had been scheduled for migration into the Group’s fully managed domain. Before the migration was completed, the environment was compromised, exposing a logging server receiving data from several operating companies. Although the number of affected customers was small, relative to MTN’s base of 300 million subscribers, the incident underscored the importance of accelerating the modernisation of legacy systems and maintaining stringent cybersecurity measures across our environment. MTN acted swiftly and transparently. Within 48 hours the compromised server had been identified, isolated and permanently removed from the network, eliminating immediate risk. MTN promptly notified all relevant regulators and directly informed every affected customer. In addition, MTN initiated a detailed review across all our markets. The assessment examined potential vulnerabilities, accelerated the migration of unmanaged environments and strengthened interim controls where full integration was not yet possible. This Group-wide review informed a two-year cybersecurity enhancement programme that will be completed in 2026. 

Lessons learnt 

The incident reinforced the importance of early detection, rapid containment and clear engagement with regulators and customers. It also highlighted the need to eliminate legacy vulnerabilities and ensure all systems are brought into the Group’s managed security environment. The experience strengthened MTN’s overall cyber maturity and sharpened its focus on continuous improvement. 

Outlook 

MTN will continue strengthening its security posture through the Group-wide enhancement programme and sustained monitoring of global threat developments. The Group will also track the evolving role of artificial intelligence in both cyber defence and cybercrime, guided by our Responsible AI Policy approved by the Ethics Subcommittee of the Board. Furthermore, we are reviewing security capabilities across all markets so they remain fit for purpose and aligned with international standards.