Data of some 129,000 Singtel customers, including NRIC details, stolen in hack of third-party system

Some of the stolen information may have been put up on the dark web.
Some of the stolen information may have been put up on the dark web.PHOTO: ST FILE

SINGAPORE - The personal data of some 129,000 Singtel customers were extracted by hackers during the recent breach of a third-party file sharing system used by the telco.

Information such as names, addresses, phone numbers, identification numbers and dates of birth, in varying combinations, were stolen by attackers, said Singtel in a statement on Wednesday (Feb 17).

They also stole the bank account details of some 28 former Singtel employees, and the credit card details of 45 employees of a corporate customer, according to the statement.

Some of the stolen information may have been put up on the dark Web, on a site belonging to a group of ransomware hackers, The Straits Times has learnt.

Over 11GB of data, including payment details and e-mail exchanges, were leaked online this week by hackers from the Clop gang. 

The group had also uploaded stolen data from 25 other firms, and had asked – on their site – for $250,000 worth of bitcoin to “avoid this situation”, checks by ST found. 

ST understands that the information uploaded was linked to the stolen data originally stored in the Accellion file transfer appliance (FTA) system used by Singtel. The telco had earlier said that its FTA files were accessed illegally on Jan 20 this year.

Singtel said a large part of the leaked data included non-sensitive internal information like test data, reports, data logs and e-mails. Some information from 23 enterprises were also taken.

In the release on Wednesday, Singtel said it was "moving with urgency to reach out to all affected individual and corporate customers to keep them supported on how best to manage the variable risks involved".

The company has also appointed a data and information service provider to provide identity monitoring services at no cost to affected customers.

The service provider monitors public websites and non-public places on the Internet, and will notify users of any unusual activity related to their personal information.

Singtel has not identified the culprits behind the data theft.

Singtel Group chief executive Yuen Kuan Moon said on Wednesday : "I'm very sorry this has happened to our customers and I apologise unreservedly to everyone impacted. Data privacy is paramount, we have disappointed our stakeholders and not met the standards we have set for ourselves."

He said the company was being as transparent as possible, given the complexity and sensitivity of their investigations.

"I want to emphasise that our core operations and functions remain unaffected and sound and this incident involves a standalone system provided by a third-party vendor," said Mr Yuen.

"Information security remains our highest priority and you have my commitment that we are conducting a thorough review of our systems and processes to strengthen them."

Cyber security firm Kaspersky's Mr Vitaly Kamluk, who is the director for its global research and analysis team in the Asia-Pacific region, said it was rare for the Clop group to attack companies in Asia as it typically focused on the United States and European Union markets.

He added that companies should never accede to the demands of the criminals, and they should contact law enforcement agencies or security vendors to help fight them.