129,000 Singtel users' data stolen in breach

Incident linked to recent hack of telco's third-party vendor; 11GB of data leaked online this week

A screen grab of a website hosted on the Dark Web showing the stolen Singtel data being uploaded.

The personal data of some 129,000 Singtel customers was extracted by hackers during the recent breach of a third-party file-sharing system used by the telco.

Information such as names, addresses, phone numbers, identification numbers and dates of birth was taken, in varying combinations, by attackers, who also stole the bank account details of some 28 former Singtel employees, Singtel said in a statement yesterday.

Some of the stolen information may have been put up on the Dark Web, on a site belonging to a group of ransomware hackers, The Straits Times (ST) has learnt.

Over 11GB of data, including payment details and e-mail exchanges, was leaked online this week by hackers from the Clop ransomware group. The group had also uploaded stolen data from 25 other firms, and had asked - on its site - for $250,000 worth of bitcoin to "avoid this situation", checks by ST found.

ST understands that the information uploaded was linked to the stolen data originally stored in the Accellion File Transfer Appliance (FTA) system used by Singtel. The telco had earlier said its FTA files were accessed illegally on Jan 20.

Singtel said a large part of the leaked data included non-sensitive internal information such as test data, reports, data logs and e-mails. Some information from 23 enterprises was also taken, along with the credit card details of 45 staff of a corporate customer.

In its statement yesterday, Singtel said it was "moving with urgency to reach out to all affected individual and corporate customers to keep them supported on how best to manage the variable risks involved".

The company has also appointed a data and information service provider to provide identity monitoring services for free to affected customers.

The service provider monitors public websites and non-public places on the Internet, and will notify users of any unusual activity related to their personal information.

Singtel has not identified the culprits behind the data theft.

Singtel Group's chief executive Yuen Kuan Moon said yesterday: "I'm very sorry this has happened to our customers and I apologise unreservedly to everyone impacted. Data privacy is paramount, we have disappointed our stakeholders and not met the standards we have set for ourselves."

He said the company was being as transparent as possible, given the complexity and sensitivity of its investigations.

"I want to emphasise that our core operations and functions remain unaffected and sound, and this incident involves a standalone system provided by a third-party vendor," said Mr Yuen.

"Information security remains our highest priority, and you have my commitment that we are conducting a thorough review of our systems and processes to strengthen them."

On the related data leak by Clop, Mr Vitaly Kamluk, director of global research and analysis for Asia-Pacific at cyber-security firm Kaspersky, said it was rare for Clop to target companies in Asia, as it typically focused on United States and European Union markets.

He added that companies should never accede to the demands of criminals, and they should contact law enforcement agencies or security vendors to help fight them.

A version of this article appeared in the print edition of The Straits Times on February 18, 2021, with the headline '129,000 Singtel users' data stolen in breach'.