Everything About the Singtel Data Breach That Affected 129K Singtel Customers

On 11 Feb 2021, Singtel released a media statement, stating that their customer data might have been compromised.

A third-party file-sharing system used by Singtel, Accellion, had been hacked.

Singtel said they would be carrying out investigations to ascertain the extent of the data breach, as it was unclear how serious it was.

Well, now we know the answer, and it isn’t pretty.

Everything About the Singtel Data Breach That Affected 129K Singtel Customers

Around 129,000 unlucky Singtel customers have had their personal information extracted by hackers during the recent breach of Accellion.

The personal data included names, addresses, phone numbers, identification numbers, and dates of birth, according to The Straits Times.

But that’s not all the hackers got.

They also stole the bank account details of some 28 former Singtel employees, and the credit card details of 45 employees of a corporate customer.

The stolen data is believed to have been put up on a ransomware site on the dark web. One such site, Clop, leaked over 11GB of data online this week, including payment details and e-mail exchanges.

The same group on Clop stole data from 25 other firms, and had asked on their site for $250,000 worth of bitcoin to “avoid this situation”.

Most of the Leaked Data Was Non-Sensitive Internal Information

The good news is that most of the data leaked was non-sensitive internal information like test data, reports, data logs, and e-mails, Singtel said.

While it has not yet identified the culprits behind the data breach, Singtel said it will reach out to all the affected individual and corporate customers and instruct them on how to manage the risks.

It has also appointed a data and information service provider that will notify customers of any unusual activity related to their personal information.

Affected customers will not have to pay for this service, of course.

Singtel Group CEO Yuen Kuan Moon apologised for the breach on Wednesday (Feb 17).

“I’m very sorry this has happened to our customers and I apologise unreservedly to everyone impacted. Data privacy is paramount, we have disappointed our stakeholders and not met the standards we have set for ourselves.”

Not The First Time

This isn’t the first time Singtel has had a data breach.

On 11 Feb last year, the Personal Data Protection Commission (PDPC) revealed that Singtel was one of seven organisations fined for “flouting the data protection law”.

Then, they were fined S$9,000 for a breach involving the My Singtel app.

Feature Image: Tang Yan Song / Shutterstock.com