SINGAPORE – The personal data of nearly 79,400 mobile subscribers of MyRepublic here was accessed by hackers, the mobile operator and Internet service provider said on Friday (Sept 10).
This is the latest incident in a string of cyber attacks in recent months.
The details stolen were identity verification documents related to customer applications for mobile services.
For affected Singaporeans, permanent residents and employment and dependent pass holders, the data accessed included scanned copies of both sides of their NRICs.
Documents such as scanned copies of utility bills that confirm the residential address of foreigners who are MyRepublic subscribers were also accessed.
Customers who ported an existing mobile service had their names and mobile numbers accessed.
The Internet service provider said that there is currently no indication that other personal data, such as account or payment information, was affected.
No MyRepublic systems were compromised and there was no operational impact on MyRepublic’s services, the company said.
It said that on Aug 29, it discovered the unauthorised data access on a third-party data storage platform used to store the personal data of the mobile customers.
The unauthorised access to the data storage facility has since been secured, said the mobile operator.
Its cyber incident response team has also been activated, including a team of external expert advisers such as KPMG, to work closely with MyRepublic’s internal information technology and network teams to resolve the incident.
MyRepublic has notified the Infocomm Media Development Authority and the Personal Data Protection Commission of the issue.
“The privacy and security of our customers are extremely important to us at MyRepublic,” said MyRepublic chief executive Malcolm Rodrigues in a statement.
“Like you, we are disappointed with what has happened, and I would like to personally apologise for any inconvenience caused.
“My team and I have worked closely with the relevant authorities and expert advisers to secure and contain the incident, and we will continue to support our affected customers every step of the way to help them navigate this issue.”
Last month, a ransomware attack affected the personal data and clinical information of nearly 73,500 patients of a private eye clinic.
At the time, it was the third such reported incident in August.
The information included names, addresses, identity card numbers, contact details and clinical information such as patients’ clinical notes and eye scans, said Eye & Retina Surgeons on Aug 25.
On Aug 16, insurer Tokio Marine Insurance Singapore said it was hit by a ransomware attack.
It said at the time that there was no indication of a breach of customer information nor confidential information of the Tokio Marine Group.
On Aug 19, The Business Times reported that Singapore-based tech company Pine Labs fell victim to ransomware too.
The firm is a Temasek-backed payments platform.
Hackers were said to have stolen confidential documents between Pine Labs and several Indian banks, and held the information hostage.