Cyber-security wake-up call

Last Thursday, French life insurance company AXA sent out notices informing some 5,400 customers that their personal data had been stolen in a cyber attack.

In particular, the customers' e-mail addresses, mobile numbers and dates of birth were exposed after the attack on its Health Portal.

Even though AXA said that the stolen data, by itself, would not result in identity theft, security experts advised people to change their passwords if they had used their birth dates for the purpose.

The affected customers would also be susceptible to phishing, where cyber criminals try to trick victims into revealing data such as e-banking usernames and passwords.

In fact, AXA said phishing attempts targeted at these customers "in the past few months" could be connected to the cyber attack.

People should be wary of clicking on embedded links, which may introduce malware into their computers to steal data. They should also not send personal particulars via e-mail or text messages - even if the other party appears to be legitimate.

Cyber attacks have become more rampant. In April, hackers broke into the networks of the National University of Singapore and Nanyang Technological University, presumably to steal government-related data. Just two months earlier, the personal data of 850 national servicemen and Defence Ministry staff was stolen.

Israeli cyber security threat monitor CyberInt said Singapore is the fifth-biggest global target for phishing attacks, after the United States, Britain, the Philippines and Russia.

Everyone plays a part to ensure a safe digital journey. Besides securing their IT systems and processes, all organisations should also promptly inform customers when a breach occurs, so that customers can take immediate action to protect themselves. In its own way, the AXA incident is a timely wake-up call.

A version of this article appeared in the print edition of The Straits Times on September 13, 2017, with the headline 'Cyber-security wake-up call'. Print Edition | Subscribe