Ransomware attack exposes customer data at DBS, Bank of China Singapore

About 8,200 DBS customer statements were potentially compromised.

A ransomware attack on Toppan Next Tech (TNT) has compromised customer data from DBS Bank and Bank of China Limited (Singapore branch), the Cyber Security Agency of Singapore (CSA) and the Monetary Authority of Singapore (MAS) confirmed.

No login details were accessed, but affected banks are enhancing account monitoring and prioritizing customer notifications.

On 5 April, DBS Bank confirmed that around 8,200 customer statements were potentially compromised after a ransomware attack on its vendor, Toppan Next Tech (TNT), which handles printing of customer letters.

The breach primarily affects DBS Vickers and Cashline loan account holders. No unauthorized transactions or breaches within DBS systems have been found, and customer funds remain secure.

TNT’s preliminary investigation shows that the affected statements, dated from December 2024 to February 2025, contained personal information such as names, addresses, and account details for equities and loans. However, no sensitive data like passwords or balances was exposed.

DBS has halted all printing jobs with TNT and is monitoring accounts for suspicious activity. Customers who registered email addresses will be notified by 6 April, with physical mail sent to others.

The bank has assured that it is taking all necessary steps to protect customer data.

Meanwhile, CSA said it is assisting TNT with investigations and containment, whilst MAS is coordinating with the banks on risk mitigation efforts.

CSA also urges organisations to follow its advisory to prevent and address ransomware threats.