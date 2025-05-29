SINGAPORE: Data handling service provider DataPost is in the early stages of investigating an alleged ransomware attack, the Singapore-based company said on Thursday (May 29).

DataPost, which works with government agencies and financial institutions, among others, told CNA its investigations "will take time to complete".

In response to queries from CNA, a spokesperson from the Personal Data Protection Commission (PDPC) said that it is aware of the case and is also investigating.

In ransomware attacks, threat actors typically use malicious software to encrypt files on servers, then demand a ransom in exchange for unlocking these files.

The alleged attack on DataPost was recorded on May 26 and flagged the next day by infosecurity blog RedPacket Security and cybersecurity platform HookPhish.

The breach led to data exfiltration, or the unauthorised transfer of data, and appeared to involve multiple tools and personnel, suggesting a coordinated attack, according to RedPacket Security.

The threat group was identified as "direwolf", and allegedly used various infostealers – or malicious software that breaches computer systems – to gather the data.

CNA has contacted DataPost for further comment on the scale and severity of the attack.

DataPost provides e-invoicing services to financial institutions, insurance companies, telecommunication companies and government agencies in Singapore and Malaysia.

It handles over 40 million documents per month, according to its website.

The company said its facilities are audited annually by banks and third-party auditors to ensure compliance with data security and operational security requirements.

Singapore's Infocomm Media Development Authority (IMDA) has accredited DataPost as the service provider for InvoiceNow, a nationwide e-invoicing network.

Through InvoiceNow, companies can transmit e-invoices in a standard digital format across different finance systems.

DataPost told CNA that it will comply with all regulatory obligations throughout the course of the investigation.

"We take the security of our data very seriously and will continue to take all necessary steps to address this situation," it said.