[How cool. Someone is hacking the worthless ANC. Jan]
Cybercriminal group Black X recently posted on a hacker forum that it was selling nearly 2GB of private information belonging to members of the African National Congress (ANC).
According to the threat actor, the database contained 2 million records, exposing members’ ID numbers, phone numbers, email addresses, physical addresses, and photos.
The ANC is South Africa’s largest political party by membership, and governs the country alongside its coalition partners in the Government of National Unity (GNU).
Though it reached over 1.4 million members at its height in 2017, the party’s membership declined due to internal splintering and the rise of the Economic Freedom Fighters and uMkhonto we Sizwe Party.
By 2022, the party had around 600,000 members after internal audits were conducted to record members in “good standing.” Some of the leaked records may belong to past members.
In a post on the dark web, the hacker group claimed that the dataset contained the “full membership list” of the ANC and included a trove of private information of South Africans.
MyBroadband independently verified samples of the leak. The samples featured the private information from general ANC branch members rather than high-profile or provincial leadership figures.
It was likely exfiltrated from tools the party used internally to track membership fees, ID numbers, meeting attendance, and quotas for branch-level activities.
Private information such as full names, ID numbers, birth dates, gender, language preferences, phone numbers, residential address details, and postal codes is listed in the leaked information.
According to Black X’s website, the ANC database was published online on 28 August 2025, which means the leak itself is old.
However, the ANC never published an official statement about its systems being breached or membership data being leaked online.
We have reached out to the political party for comment on the leak and whether they were aware that the information had been accessible online since August 2025.
ANC member database exposed in previous hack
Screenshot of a public sample of the member database: names, ID numbers, email addresses, phone numbers and physical addresses have been redacted.
In 2022, hacker group N4ughtySecTU claimed responsibility for an attack on South Africa’s largest credit bureau, TransUnion and leaked customer databases as proof of the claims.
One of these databases contained personal data of ANC members, including limited physical address information.
At the time, the ANC database contained 1.2 million records and was obtained before 21 August 2017. The hacker group said it exfiltrated the data after breaching a TransUnion file server.
Some of the information from the 2017 leak may have been included in the 2025 database. However, it is also possible that the 2025 database was obtained more recently.
According to Black X, the hacker group’s goal is “strengthening network security for companies around the world.” It has also published data for a few other entities on its leak site.
This included information from a legal entity called Correction.org whose website is currently inaccessible. It also leaked data from a German trade organisation and a Korean surgical practice.
“Since our inception, we have helped strengthen the network security of dozens of clients,” the group said. “We are known for providing high-quality services at very affordable prices.”
According to the group’s website, its CEO goes by “ManSonaly”. Despite its corporate description, Black X appears to be a ransomware extortion group operating worldwide.
It said it does not “disclose the client’s data if negotiations are successful,” which suggests that at some point it contacted the ANC after obtaining the member database and that the party refused to pay.
“If negotiations are rejected, we will disclose all of the client’s information,” it said. “We set prices lower than those of other service providers.”
Source: https://mybroadband.co.za/news/security/647594-anc-hit-by-data-breach-2-million-private-member-records-exposed.html?utm_source=newsletter
