[ad_1]
SINGAPORE: The personal information of some 129,000 Singtel customers was stolen after a recent data breach of a third-party file-sharing system, the local telecommunications company said on Wednesday (February 17).
Singtel completed initial investigations into the breach and established which files on the Accellion File Transfer Device (FTA) were illegally accessed, the company said in a press release.
READ: Singtel provider hacked, customer information ‘may have been compromised’
The personal information collected includes the NRIC numbers of some 129,000 customers and a combination of names, dates of birth, mobile phone numbers and addresses, Singtel said.
In addition, the bank account details of 28 former Singtel employees and the credit card details of 45 staff members of a corporate customer with Singtel mobile lines were taken.
“Some information” was also stolen from 23 companies, including suppliers, partners and corporate customers.
The company has begun to notify all affected individuals and companies to help them and their staff manage the potential risks involved and take appropriate follow-up actions, he said.
Singtel’s Group CEO Yuen Kuan Moon said: “While this data theft was committed by unknown persons, I am very sorry that this happened to our customers and I fully apologize to all those affected.
“Data privacy is paramount, we have disappointed our shareholders and we have not met the standards we have set for ourselves.
“Given the complexity and sensitivity of our investigations, we are being as transparent as possible and providing information that is accurate to the best of our knowledge. We are doing our best to keep our clients supported in mitigating potential risks.”
Singtel said that a “large part” of the leaked data includes its “internal information that is not sensitive,” such as data records, test data, reports and emails.
“SOPHISTICATED” CYBER ATTACK AT THE ACCELION
Accellion FTA, which Singtel used as a third-party file-sharing system, was the target of a “sophisticated” cyber attack that exploits a “previously unknown vulnerability,” the telecommunications company said.
When first alerted to exploits against the system in December last year, Singtel “quickly applied” a series of patches provided by Accellion to “cover the vulnerability,” he said. The last patch was on December 27 of last year.
On January 23, Accellion reported that a new vulnerability had emerged that made previous patches previously applied in December ineffective.
Singtel immediately shut down the system and the FTA system remained offline since January 23, the company said.
“On January 30, Singtel’s attempt to patch the new vulnerability in the FTA system triggered an anomaly alert. Accellion has reported thereafter that the system may have been breached,” Singtel said.
Investigations by the telecommunications company later confirmed the violation and identified January 20 as the date it had occurred.
“On February 9, Singtel established that the files were taken as a result of the breach and informed the public two days later, on February 11,” the company said.
This is a story in development. Please update for updates.