Singtel data breach compromises privacy of nearly 130,000 customers

The telecommunications firm has reached out to affected customers and former employees.

Personal data of nearly 130,000 Singtel customers was stolen in a data breach, the telecommunications firm bared on 17 February.

Initial investigation on cybersecurity attacks on Singtel has concluded, allowing the company to establish which files were accessed illegally through the FTA file sharing system provided by third-party Accellion.

In a disclosure dated 17 February, Singtel revealed that 23 enterprises, 45 staff of a corporate customer, 129,000 customers, and 28 former Singtel employees as victims of the data breach.

The enterprises include suppliers, partners and corporate customers of Singtel, who have had their data logs, test data, reports, and emails leaked.

The perpetrator of the attacks is not yet identified.

“While this data theft was committed by unknown parties, I’m very sorry this has happened to our customers and apologise unreservedly to everyone impacted. Data privacy is paramount, we have disappointed our stakeholders and not met the standards we have set for ourselves,” said Singtel's Group CEO Yuen Kuan Moon.

In a disclosure dated 11 February, Singtel said the data breach was an “isolated incident involving a standalone third-party system” and that its core operations were unaffected.

Singtel became aware of the attacks against the FTA system in December 2020, and applied a series of patches provided by Accellion on December 27. However, new vulnerabilities continued to emerge. The telecommunications firm took the system offline on 23 January as it proceeded to investigate with the Cyber Security Agency of Singapore and other cyber security experts.