SINGAPORE: The personal information of nearly 130,000 Singtel customers, including their NRIC details, was stolen after a vendor's file sharing system was breached, the local telco said on Wednesday (Feb 17).
Singtel uses the system provided by US company Accellion to share information internally as well as with external stakeholders and organisations.
How did the breach happen? What information was stolen? And how do you know if your personal data has been exposed?
Here are six things to know about the breach.
1. WHAT HAPPENED?
The data breach occurred on a file-sharing system called File Transfer Appliance, a two-decade-old product that is provided by Accellion to a number of companies, including Singtel.
Singtel uses the system to share information internally as well as with external stakeholders and organisations.
Singtel said in its statement on Wednesday that Accellion's system was "the target of a sophisticated cyber attack exploiting a previously unknown vulnerability".
Other customers using the system were similarly impacted, added the local telco.
"While this data theft was committed by unknown parties, I’m very sorry this has happened to our customers and apologise unreservedly to everyone impacted," said Singtel Group CEO Mr Yuen Kuan Moon.
2. WHEN DID IT HAPPEN?
Singtel said it was first alerted by Accellion to a vulnerability in the system on Dec 23. It twice installed patches provided by Accellion that month to plug the vulnerability.
On Jan 23, however, Accellion advised that a new vulnerability had emerged that rendered patches previously applied in December ineffective.
Singtel said that it immediately took the system offline then.
On Jan 30, Singtel’s attempt to patch the new vulnerability triggered an "anomaly alert".
This was when Accellion informed Singtel that the system could have been breached.
Accellion said in a separate release earlier this month that the initial incident in December was the beginning of a "concerted cyberattack" on the system.
It later told Singtel that the breach likely occurred on Jan 20. Cyber and criminal investigations activated by Singtel later confirmed that the breach took place on Jan 20.
On Feb 9, Singtel established that customer information may have been compromised, and informed the public two days later on Feb 11.
On Wednesday, it provided more details on the information that had been stolen.
3. WHO HAS BEEN AFFECTED?
Nearly 130,000 Singtel customers have had their personal information stolen, including their NRIC numbers, and some combination of names, dates of birth, mobile numbers and addresses.
Bank account details of 28 former Singtel employees were also stolen, as were the credit card details of 25 staff members of a corporate customer with Singtel mobile lines.
"Some information" from 23 enterprises, including suppliers, partners and corporate customers, was also stolen. Singtel has said it is not able to provide more details on this for security reasons.
4. HOW DO YOU KNOW IF YOUR DATA HAS BEEN STOLEN?
Singtel said that affected individual customers will be notified either via email or post.
Those affected will be provided information on the personal details that were accessed, and how best they can manage the risks involved.
For corporate customers or enterprises, Singtel will contact their relevant representatives, the telco said. They will also be told what data were compromised, and how best to mitigate the risks involved.
5. WHAT SHOULD YOU DO IF YOU ARE AFFECTED?
Customers should be on heightened alert, said Candid Wuest, vice-president of Cyber Protection Research at software company Acronis.
"This information can now be used in follow-up attacks, so scammers could start sending personalised phishing emails to you, or they could impersonate you against others and therefore maybe even damage your own reputation," Wuest told CNA on Thursday.
Those affected by the breach should be vigilant for the next few weeks, and watch for attacks that misuse the stolen information.
Singtel recommends that affected customers take the following steps to guard against potential risks:
- Do not use your personal information in your password and change your passwords regularly
- Set your password in a way that makes it very hard for people to associate with you (eg, strong or complex password made up of alphanumeric characters and symbols)
- Stay vigilant against phishing attempts and monitor for any suspicious activity
- Never share your One-Time Password (OTP) with anyone, even your family members
Those who have been notified that their payment details were compromised can prevent misuse of this information by taking these steps recommended by Singtel:
- Check for any fraudulent activities and transactions on your credit card
- Inform the bank which issued your credit card that the details might have been compromised
- Immediately terminate and replace your credit card
- Cease using the affected credit card number for your own transactions
Also, Singtel will never ask customers to disclose their passwords, said the telco.
6. WHAT IS SINGTEL DOING ABOUT THE BREACH?
A "detailed" forensic and criminal investigation is under way involving Singtel, cybersecurity experts, the Cyber Security Agency of Singapore and the police.
The telco is also conducting an impact assessment to determine the nature and extent of data that has been potentially accessed.
"We will notify all affected individuals and organisations once we identify which files relevant to them were illegally downloaded and assist them to manage the impact on themselves and their customers," said Singtel.
"We are conducting a thorough review of our processes and our file sharing protocols to further enhance our information security posture. Ensuring information is safe and secure remains a top priority."
Singtel added that it is appointing a global data and information service provider to provide identity monitoring services, which will be free for affected customers.
The service monitors public websites and non-public places on the internet and notifies users of any unusual activity related to their personal information.
Affected customers will be informed on how to sign up for the service.