StarHub finds personal information of more than 57,000 customers on third-party data dump site

SINGAPORE: StarHub said on Friday (Aug 6) that personal information - including identity card numbers and mobile numbers - of more than 57,000 customers were found on a third-party data dump website last month.

The breach was discovered during online surveillance by StarHub's cybersecurity team on Jul 6, 2021. 

The team found an illegally uploaded file containing "limited types of personal information related to certain individual customers", said StarHub in a statement. 

Based on investigations to date, the data file contained identity card numbers, mobile numbers, as well as email addresses belonging to 57,191 customers, said StarHub. These customers had subscribed to StarHub services before 2007, the telco added. 

"The personal data appears to be around 14 years old. No credit card or bank account information is at risk and no StarHub information systems or customer database are compromised," said the company. 

There was also no indication so far that any data in the document had been "maliciously misused" it added. 

"Data security and customer privacy are serious matters for StarHub, and I apologise for the concern this incident may be causing our affected customers," said StarHub CEO Nikhil Eapen.  

"We will be transparent and will keep our customers updated. We will provide support to those affected,” said Mr Eapen. 

StarHub said it put in place measures on Jul 6 to protect its customers' interests. 

An incident management team was activated to access and contain the situation. The company also engaged a team of digital forensic and cybersecurity experts to launch an investigation. 

Starhub said it also "attempted" to have the document from the data dump site and took "immediate and appropriate" actions to review existing security measures to protect "core infrastructure and systems". 

The company is working closely with cybersecurity experts and the relevant authorities on this matter, it said.

Affected customers will be notified via email by Aug 20.

The company is also offering affected customers six months of complimentary credit monitoring service through the Credit Bureau Singapore. 

Affected customers are encouraged to sign up for the service after they receive the email notification, even though there is "no evidence to-date that the said data has been used inappropriately", said StarHub.