Personal data of 128,000 customers of moneylenders stolen after IT vendor hacked
The stolen data includes customers' names, NRIC numbers and loan information. These details have since appeared on several websites, says the Ministry of Law.
SINGAPORE: The personal information of about 128,000 customers of moneylenders has been stolen after a third-party IT vendor was hacked.
The Ministry of Law (MinLaw) on Thursday (Jul 25) confirmed the data breach involved the borrower data of 12 licensed moneylenders that are using the services of Ezynetic, a third-party IT vendor they engaged.
Ezynetic's system is not hosted on or linked to the government's network, said MinLaw, which is the regulator of licensed moneylenders.
The ministry added that Ezynetic's system was "accessed by a malicious actor" and data containing "personal identifiable information" was leaked.
In response to CNA's query, MinLaw said the compromised data included the names and NRIC numbers of borrowers, as well as loan information.
"The data has appeared on several sites. Affected borrowers have been advised to be on the alert for phishing and other scam attempts using the compromised data," said the ministry.
The 12 moneylenders are Ban King Credit, Credit 21, Lending Bee, Katong Credit, Credit Thirty3, GS Credit, 1AP Capital, Creditmaster, BST Credit, U Credit, Horison Credit and Credit Matters.Â
The moneylenders and Ezynetic have made reports to the police, the Cyber Security Agency of Singapore (CSA) and the Personal Data Protection Commission (PDPC).
They have started notifying their borrowers of the breach and have reminded them to stay vigilant against possible phishing scams, MinLaw said.Â
Eight other licensed moneylenders that use Ezynetic's services were not affected.
As a containment measure, Credit Bureau Singapore (CBS) has restricted access to the platform for all 20 licensed moneylenders served by Ezynetic.
Credit Bureau Singapore is the designated credit bureau that operates the Moneylenders Credit Bureau (MLCB) platform - a central repository of data on borrowers’ loans and repayment records with all licensed moneylenders in Singapore.
MLCB’s online functions remain fully available to the other 133 licensed money lenders in Singapore. Borrowers with queries may reach out to the respective licensed moneylenders for more information.
The ministry said it takes a serious view of the data breach.
"The licensed moneylenders have a duty to protect any information in its possession or control. This includes information residing on their third-party vendor systems.
"MinLaw is investigating the matter with CSA and PDPC. MinLaw is also in close contact with Credit Bureau Singapore to support affected licensed moneylenders' business recovery efforts."