MAS warns stolen SingHealth data could be used in bank fraud

Financial institutions are discouraged from relying on the stolen information for customer verification.

The Monetary Authority of Singapore has urged financial institutions to tighten customer verification processes in light of the recent cyberattack at government public health database SingHealth wherein the personal information of 1.5 million individuals including the Prime Minister were illegally accessed.

All financial institutions are discouraged from relying on the information stolen from the attack (name, NRIC number, address, gender, race and birth date) for verifying customer identities. Additional information like One-Time password, PIN, biometrics and last transaction date is needed before transactions can be performed on behalf of the customer, the de-facto central bank said in a statement.

“MAS has also directed all financial institutions to conduct a risk assessment of the impact of the SingHealth incident on their existing control measures for financial services offered to customers, including transaction and inquiry functions,” it added.

Customers should also remain vigilant by safeguarding passwords, notifying banks in case of suspicious activity and practising good cyber hygiene, added Tan Yeow Seng, MAS chief cybersecurity officer.

On its part, OCBC is working overtime to tighten its customer verification process in line with the directive. “We have in place a set of rigorous authentication measures to validate our customer’s identity before proceeding with the request. However, to combat the risks arising from the SingHealth incident, we have further enhanced our customer verification process to prevent any unauthorised financial transactions,” said Koh Ching Ching, head, group corporate communications at OCBC Bank.

"At UOB, we are committed to protecting our customers from cybersecurity threats. We remain vigilant and are constantly monitoring developments and enhancing our systems to ensure that we detect and respond to potential cybersecurity risks and threats promptly," a UOB spokesperson said.

The spokesperson added that customers should also work with banks in safeguarding data.

"We remind our customers that UOB does not send unsolicited SMS or emails asking them to provide their personal or account details."

Also Read

iFAST Corp net profit leaps nearly five times over in Q1

Fullerton Fund Mgmt, UNDP working on sustainable management framework

Since you're here...

...there are many ways you can work with us to advertise your company and connect to your customers. Our team can help you dight and create an advertising campaign, in print and digital, on this website and in print magazine.

We can also organize a real life or digital event for you and find thought leader speakers as well as industry leaders, who could be your potential partners, to join the event. We also run some awards programmes which give you an opportunity to be recognized for your achievements during the year and you can join this as a participant or a sponsor.

Let us help you drive your business forward with a good partnership!

I want to download the media kit