SINGAPORE — Singtel said on Wednesday (17 February) that the personal information of about 129,000 customers has been stolen due to a recent breach of a third-party file sharing system that it had used.
The personal data includes NRIC and some combination of name, date of birth, mobile number, address.
The bank account details of 28 former Singtel employees, credit card details of 45 staff of a corporate customer with Singtel mobile lines and some information from 23 enterprises were also compromised.
Singtel said it has completed initial investigations into the breach of the Accellion system and has begun reaching out to affected stakeholders.
“While this data theft was committed by unknown parties, I’m very sorry this has happened to our customers and apologise unreservedly to everyone impacted. Data privacy is paramount, we have disappointed our stakeholders and not met the standards we have set for ourselves,” said Singtel’s Group CEO Yuen Kuan Moon.
Yuen stressed that Singtel’s core operations are unaffected by the breach. “Information security remains our highest priority and you have my commitment that we are conducting a thorough review of our systems and processes to strengthen them.”
Singtel is appointing a global data and information service provider to provide free identity monitoring services to affected customers to help them manage potential risks.
Accellion was the target of a sophisticated cyber attack exploiting a previously unknown vulnerability.
When first alerted to exploits against the system last December, Singtel applied patches provided by Accellion to plug the vulnerability, the last patch being 27 December.
On 23 January, Accellion advised that a new vulnerability had emerged that rendered patches previously applied in December ineffective. Singtel immediately took the system offline.
On 30 January, Singtel’s attempt to patch the new vulnerability in the system triggered an anomaly alert. Accellion informed thereafter that the system could have been breached. Singtel’s investigations later confirmed this and identified 20 January as the date the breach occurred.
The system has been kept offline since 23 January. On 9 February, Singtel established that files were taken as a result of the breach and informed the public two days later on 11 February.
Stay in the know on-the-go: Join Yahoo Singapore's Telegram channel at http://t.me/YahooSingapore
More Singapore stories: