[ad_1]
SINGAPORE – Hackers extracted the personal data of some 129,000 Singtel customers during the recent breach of a third-party file-sharing system used by the telecommunications company.
The attackers stole information such as names, addresses, phone numbers, identification numbers and dates of birth, in various combinations, Singtel said in a statement on Wednesday (February 17).
They also stole the bank account details of some 28 former Singtel employees and the credit card details of 45 employees of a corporate client, according to the statement.
Some of the stolen information may have been placed on the dark web, on a site that belongs to a group of ransomware hackers, The Straits Times has discovered.
More than 11GB of data, including payment details and email exchanges, was leaked online this week by hackers from the Clop gang.
The group had also uploaded stolen data from 25 other companies and had asked, on its site, for $ 250,000 in bitcoins to “avoid this situation,” ST controls found.
ST understands that the uploaded information was linked to the stolen data originally stored in the Accellion File Transfer Device (FTA) system used by Singtel. The telecommunications company had previously said that its FTA files were illegally accessed on January 20 of this year.
Singtel said that a large part of the leaked data included non-sensitive internal information such as test data, reports, data logs and emails. Information was also taken from 23 companies.
In Wednesday’s statement, Singtel said it was “moving urgently to reach all affected individual and corporate clients to keep them supported on how best to manage the variable risks involved.”
The company has also appointed an information and data service provider to provide identity monitoring services at no cost to affected customers.
The service provider monitors public websites and non-public places on the Internet, and will notify users of any unusual activity related to their personal information.
Singtel has not identified the culprits of the data theft.
Singtel Group Chief Executive Officer Yuen Kuan Moon said on Wednesday: “I am very sorry that this has happened to our customers and I unreservedly apologize to all those affected. Data privacy is paramount, we have disappointed our shareholders and We have not met the standards we have set. We ourselves. “
He said the company was being as transparent as possible, given the complexity and sensitivity of its investigations.
“I want to emphasize that our core operations and functions are unaffected and robust, and this incident involves an independent system provided by a third-party vendor,” said Mr. Yuen.
“Information security continues to be our top priority and you are committed to us that we are conducting a comprehensive review of our systems and processes to strengthen them.”
Vitaly Kamluk of cybersecurity firm Kaspersky, who is the director of its global research and analysis team in the Asia-Pacific region, said that it was rare for the Clop group to attack companies in Asia as it generally focused on in the United States and the European Union. Markets.
He added that companies should never agree to criminal lawsuits and should contact law enforcement agencies or security providers to help fight them.
[ad_2]
