Hackers possibly stole personal data of 79,400 MyRepublic customers including copies of NRICs

Published Fri, Sep 10, 2021 · 09:06 AM

[SINGAPORE] The personal data of nearly 79,400 mobile subscribers of MyRepublic here was potentially accessed by hackers, the mobile operator and Internet service provider said on Friday (Sept 10).

This is the latest incident in a string of cyber attacks in recent months.

The details stolen were identity verification documents related to customer applications for mobile services.

MyRepublic said hackers may have accessed data including scanned copies of both sides of the NRICs belonging to Singaporeans and permanent residents, and other personal data of employment and dependent pass holders.

An NRIC contains information including name, date of birth and home address. The NRIC number could be used to access official sites.

As for foreigners who are MyRepublic subscribers, hackers could have taken documents such as scanned copies of utility bills that confirm their residential addresses.

Customers who ported an existing mobile service had their names and mobile numbers accessed, said the Internet service provider.

However, it added that there is currently no indication that other personal data, such as account or payment information, was affected.

MyRepublic systems were not compromised and there was no operational impact on MyRepublic's services, the company said.

On Aug 29, the firm discovered the unauthorised data access on a third-party data storage platform used to store the personal data of the mobile customers.

The unauthorised access to the data storage facility has since been secured, said the mobile operator.

Its cyber incident response team has also been activated, including a team of external expert advisers such as KPMG, to work closely with MyRepublic's internal information technology and network teams to resolve the incident.

MyRepublic has notified the Infocomm Media Development Authority and the Personal Data Protection Commission of the issue.

Apologising for the inconvenience caused by the incident, MyRepublic chief executive Malcolm Rodrigues said in a statement that the company is contacting customers and "will continue to support our affected customers every step of the way to help them navigate this issue".

"We are also reviewing all our systems and processes, both internal and external, to ensure an incident like this does not occur again," he added.

While there is no evidence that any personal data has been misused for now, MyRepublic said it will offer all affected customers a complimentary credit monitoring service through Credit Bureau Singapore.

Under the service, the bureau will monitor customers' credit reports and alert them of any suspicious activity.

The maximum fine for a data breach is $1 million.

But firms can soon be fined more - up to 10 per cent of their annual turnover in Singapore or $1 million, whichever is higher.

The higher fine is slated to take effect at least 12 months from Feb 1 this year.

The MyRepublic attack comes after other mobile operators here were impacted by data breaches.

Last month, StarHub said that the identity card numbers, mobile numbers and e-mail addresses belonging to nearly 57,200 customers had been leaked online.

In February, Singtel revealed that the personal data of 129,000 of its customers was extracted by hackers during a breach of Accellion's file-sharing service, which is used by the telco.

There were also at least three reported ransomware attacks last month. One affected the personal data and clinical information of nearly 73,500 patients of a private eye clinic.

The information included names, addresses, identity card numbers, contact details and clinical information such as patients' clinical notes and eye scans, said Eye & Retina Surgeons on Aug 25.

On Aug 16, insurer Tokio Marine Insurance Singapore said it was hit by a ransomware attack.

It said at the time that there was no indication of a breach of customer information and confidential information of the Tokio Marine Group.

On Aug 19, The Business Times reported that Singapore-based tech company Pine Labs fell victim to ransomware too.

The firm is a Temasek-backed payments platform.

Hackers were said to have stolen confidential documents between Pine Labs and several Indian banks, and held the information hostage.

THE STRAITS TIMES
