A data breach at a Singtel vendor, has resulted in the leak of personal data of some 129,000 customers. Certain information of 23 businesses linked to Singtel, including suppliers and partners, were also compromised, said Singtel upon completion of its initial probe of this incident.
Singtel knew of the hacking attempts on the file sharing system of its vendor, Accellion, last December. In response, a series of “patches” were applied including the last one on Dec 27.
Yet, on Jan 23, Accellion, a privately-held, California-based cloud solutions provider, said a new vulnerability was found and that previous patches were of no use. Singtel took the system offline immediately.
On 30 January, Singtel’s attempt to patch the new vulnerability in the file sharing system triggered an anomaly alert. Accellion informed thereafter that the system could have been breached.
Singtel’s investigations later confirmed this and identified January 20 as the date the breach occurred. The file sharing system has been kept offline since January 23.
On 9 February, Singtel established that files were taken as a result of the breach and informed the public two days later on February 11.
SEE: Bharti Airtel board approves 20% acquisition in Bharti Telemedia
According to Singtel, which has started informing affected parties, bank account details of 28 former Singtel employees and credit card details of 45 staff of a corporate customer with Singtel mobile lines are also affected.
A large part of the leaked data includes Singtel’s internal information such as data logs, test data, reports and emails.
“While this data theft was committed by unknown parties, I’m very sorry this has happened to our customers and apologise unreservedly to everyone impacted," said Singtel’s group CEO Yuen Kuan Moon.
"Data privacy is paramount, we have disappointed our stakeholders and not met the standards we have set for ourselves,” he said.
“Given the complexity and sensitivity of our investigations, we are being as transparent as possible and providing information that is accurate to the best of our knowledge. We are doing our level best to keep our customers supported in mitigating the potential risks," he added.
Yuen stresses that Singtel’s own core operations and functions remain unaffected and sound and this incident involves a standalone system provided by a third-party vendor.
“Information security remains our highest priority and you have my commitment that we are conducting a thorough review of our systems and processes to strengthen them,” he added.
Singtel shares closed Feb 17 at $2.40, down two cents.