Singapore’s largest telco, Singtel has confirmed that the personal details of approximately 129,000 customers were leaked due to a cyberattack on a third-party file-sharing system that the company uses. The telco first made the incident known to the public last week and has just completed its initial investigations into what data was compromised via the attack.
The leaked information of the 129,000 customers is NRIC (National Registration Identity Card) details and some combination of name, date of birth, mobile number, and address. Also compromised are bank account details of 28 former Singtel employees, credit card details of 45 personnel from a corporate customer with Singtel mobile lines, and other unspecified information from 23 enterprises, which includes suppliers, partners, and corporate customers.
Singtel Group CEO Mr Yuen Kuan Moon apologised “unreservedly” to all those impacted by the breach, adding that, “Data privacy is paramount, we have disappointed our stakeholders and not met the standards we have set for ourselves.”
At the heart of the problem was a 20-year-old file-sharing system called FTA that Singtel used right up to the data breach. US-based Accellion, the product’s developer, described FTA as a legacy software that is nearing the end of its life and over the years has encouraged all FTA customers to migrate to the company’s latest enterprise firewall platform, kiteworks.
Singtel was not the only firm to suffer a cyberattack through its use of FTA, however. According to ZDNet, other recent victims of FTA-related hacks include the Reserve Bank of New Zealand, the Australian Securities and Investments Commission, the University of Colorado, and the Washington State Auditor Office.