Black X dumps 2GB of ANC membership data online — Ramaphosa, Mashatile and Mantashe among 2.3 million records exposed

Hacker group Black X has published nearly 2GB of alleged ANC membership data on the deep web — including the personal details of President Ramaphosa, Deputy President Mashatile, Gwede Mantashe and other senior officials. Some 2.3 million records reportedly contain full names, ID numbers, phone numbers, and physical and email addresses. The breach allegedly dates to August 2025, predating the ANC's current ICT provider. Compounding the crisis, the Information Regulator confirms the ANC never formally reported the compromise as required under POPIA. The party that governs South Africa's data protection framework apparently can't protect its own members' most sensitive personal information..By Luis Monzon.The hacker group Black X has published nearly 2GB of what it alleged was the personal information of ANC members on the deep web, including that of top government officials.MyBroadband reviewed the leak and found top ANC officials listed, including President Cyril Ramaphosa, Deputy President Paul Mashatile and Gauteng Premier Panyaza Lesufi.We also found what was alleged to be the private details of Khusela Diko, chairperson of the Portfolio Committee on Communications, and Mineral Resources Minister Gwede Mantashe.Other members represented in the alleged data leak are Parks Tau, the minister of trade and industry; Khumbudzo Ntshavheni, minister in the presidency; and Nomvula Mokonyane, deputy secretary general.Approximately 2.3 million records were in the purported leak, each allegedly containing the full names of ANC members, as well as ID numbers, phone numbers, and physical and email addresses.We have contacted the ANC for comment about the leak, but it did not respond by publication. We will update this article with its feedback if received.The leak followed a claimed data breach of the ANC’s membership platform by the hacker group in August 2025.At some point in June, Black X included a password to unlock the files that contained the allegedly leaked private details.Prior to that, the threat actor was selling passwords for the ANC database, as well as four other databases that it claimed contained exfiltrated data following breaches.All five datasets now indicate they have been published, with the ANC database joined by two South Korean companies, a German trade union, and a legal firm from the Philippines.In previous communications with the ANC regarding the claimed data breach, the party told MyBroadband that it launched an investigation through its ICT provider, Emperio.“Emperio’s preliminary investigation identified no conclusive evidence of unauthorised access to the current production database under Emperio’s management,” it said at the time.“The threat claim is more consistent with an opportunistic threat or extortion attempt, or with possible historical data exposure predating Emperio’s current hosted environment, than with a verified breach.”It said it would engage with the South African Police Service (SAPS) and the State Security Agency (SSA), as the dataset could include details about senior executive members of cabinet and the state..Alleged breach predates appointment of latest ICT provider.According to an ANC report dated April 2026, the company was only finalising its service level agreement with Emperio by that date.This aligns with the ANC’s information that the breach may have predated Emperio’s deployment to its system, and with Black X’s claims that the breach occurred in August 2025.The party said in April that the Membership Management System, which was supposedly breached, was still experiencing challenges.This included “data misalignment and membership fluctuations reflected in inconsistencies between post-August NEC reports and the Mid-Term Review presented to the NGC.”As well as challenges with removing deceased members from the database and delays in issuing smart membership cards to its members.Since then, Emperio has been working to secure the ANC’s domain against potential future compromises with several updates.“Administrative access exposure, including Remote Desktop Protocol (RDP) access, has been reviewed with a focus on restricting access to trusted sources only,” the ANC said.“Server and database configuration areas associated with higher risk have been reviewed — privileged access, SQL logins, suspicious changes, backup and export indicators, and high-risk features.”The ANC has also been in communication with the Information Regulator of South Africa about the potential security compromise.“The Regulator recorded that it became aware of a possible security compromise on or about 15 May 2026,” the ANC said.In our own communications with the regulator, it stated that the ANC had not formally reported a security compromise of private member data, as required under section 22 of POPIA.“The ANC, following our communication to them, responded extensively, and we are still processing and considering their submission,” the regulator said.“We will thereafter determine the way forward or the course of action we will take.”.Changes to Black X leak site.Previously leaked samples.*This article was originally published by MyBroadband and has been republished with permission..Sign up for your early morning brew of the BizNews Insider to keep you up to speed with the content that matters. The newsletter will land in your inbox every morning on weekdays. Register here.Support South Africa's bastion of independent journalism, offering balanced insights on investments, business, and the political economy, by joining BizNews Premium. Register here.If you prefer WhatsApp for updates, sign up to the BizNews channel here.

Black X dumps 2GB of ANC membership data online — Ramaphosa, Mashatile and Mantashe among 2.3 million records exposed

Related Stories

GNU's fault lines crack open: ANC statement signals the honeymoon is firmly, officially over

Solly Moeng - Cyril’s game, Steenhuisen’s scandal and the failing ANC “fat bellies”...

Hartford: The struggle generation that built non-racial SA — and the movement that betrayed it

How solidarity plans to force out BEE by 2030: Connie Mulder | The NdB Sunday Show