MTN Ghana is facing urgent calls for full transparency and accountability after a cybersecurity breach exposed the personal data of approximately 5,700 customers, raising concerns over the integrity of Ghana’s digital infrastructure and customer trust in the telecommunications sector.
In a strongly worded statement, the Cyber Security Expert Association of Ghana (CSEAG) stressed that the breach goes far beyond reputational damage.
“This is not just only about numbers or reputations, it’s about the personal data and trust of millions of Ghanaians,” the group said. “The implications are profound. Any erosion of trust in our telecommunications sector can undermine the digital progress of our entire nation.”
The breach has prompted a government-led investigation by the Ministry of Communications, working in collaboration with the Cyber Security Authority (CSA), National Communications Authority (NCA), and the Data Protection Commission. CSEAG is demanding that MTN takes “full accountability and pursue transparency,” adding that the telco must “cooperate completely” with the ongoing probe.
“We expect MTN’s leadership to cooperate fully with regulators and share their findings transparently with both the authorities and the public, within legal limits,” CSEAG noted. “Leadership means owning problems as well as successes. Ghanaian customers deserve a thorough explanation of what happened and why.”
Although the full scope of the breach remains under investigation, CSEAG is warning of possible insider involvement, referencing the Bank of Ghana’s 2024 Fraud Report, which found a rise in staff-involved fraud cases across the banking sector, including mobile money platforms like MTN’s MoMo.
“Internal actors can be as dangerous as external attackers,” the group said. It is urging MTN to conduct a “rigorous internal review of all personnel with privileged access,” implement deeper pre-employment background checks, including criminal, financial, and reference verifications, and introduce continuous behavior monitoring and anomaly detection systems. “Preventing future breaches means securing not only systems, but also the people who manage them.”
CSEAG stressed that cybersecurity is “not merely a technical concern, it is a core leadership responsibility.” While acknowledging MTN’s ongoing response, the group advised the company’s board and executives to keep cybersecurity as a “top priority,” supported by regular risk assessments, evolving policies, and adequate resource allocation.
“Strong firewalls and encryption are important, but without top-down commitment, they can fail,” CSEAG said. “With consistent, proactive engagement from the top, MTN can further strengthen its resilience and cybersecurity posture.”
The association also highlighted the importance of local capacity-building, urging MTN to move beyond relying solely on external consultants and instead invest in a permanent team of in-house cybersecurity professionals. “The fact that MTN is working closely with leading cybersecurity experts in the forensic investigation is a good first step,” CSEAG stated. “We urge MTN to build and retain an in-house team of specialists, people who understand the systems and can respond instantly at any hour.”
To customers and the public, CSEAG issued a call to remain alert and proactive; “We strongly advise you to update your mobile and banking apps, use strong, unique passwords, and never share your PINs or OTPs with anyone. If you receive any communication that seems out of the ordinary, question it. Security is a shared responsibility between companies and citizens.”
CSEAG further pledged its support in assisting with recovery efforts, offering to collaborate with MTN, the CSA, and other relevant authorities to provide training, advisory services, and public awareness campaigns. “This moment calls for unity. Our industries, government, and civil societies must work together to reinforce our cyber defences and rebuild confidence.”
The statement concluded on the note that, “this incident serves as a wake-up call. Ghana’s digital future depends on strong leadership, robust security practices, and the collective effort of all sectors. We remain committed to ensuring that this challenge becomes a turning point for lasting improvement in our cybersecurity landscape.”
