The Data Protection Commission (DPC) has confirmed that it is actively investigating a potential cybersecurity breach involving the personal information of some MTN customers.
In a statement released on Friday, April 25, the Commission noted that MTN Ghana reported the incident, stressing that the breach did not affect the company’s core network, billing systems, or financial services infrastructure. However, the full extent of the incident is still being assessed.
The DPC assured Ghanaians that it is closely monitoring the situation and engaging with key stakeholders, including MTN Ghana, the National Communications Authority, and the Cybersecurity Authority. The Commission emphasized that if investigations reveal that the breach was due to negligence, it will invoke its enforcement powers under the Data Protection Act, 2012 (Act 843) to hold MTN Ghana and/or the MTN Group accountable.
“The privacy and protection of personal information is a fundamental right,” the Commission stressed. “All Data Controllers and Processors operating within Ghana or handling the personal information of Ghanaian citizens must comply fully with the provisions of Act 843.”
The DPC also reminded the public that both public and private institutions are required by law to register with the Commission. Registration ensures that these institutions are accountable for how they manage personal data. The public is encouraged to verify the licensing status of institutions and service providers they engage with and to practice good digital safety habits.
The Commission pledged to provide further updates as investigations continue and reaffirmed its commitment to transparency, accountability, and the protection of individual rights in the digital space.
