Contents:
Singapore-based mobile operator and Internet service provider MyRepublic revealed today that the personal information of almost 79,400 mobile subscribers was potentially accessed by threat actors, making it the latest incident in a string of cyberattacks in recent months.
What Happened?
In a press release, the company stated that the unauthorized data access took place on a third-party data storage platform used to store the personal data of MyRepublic’s mobile customers.
The Internet service provider also revealed that customers who ported an existing mobile service had their names and mobile numbers accessed.
Malcolm Rodrigues, MyRepublic CEO added:
The privacy and security of our customers are extremely important to us at MyRepublic. Like you, we are disappointed with what has happened, and I would like to personally apologize for any inconvenience caused. My team and I have worked closely with the relevant authorities and expert advisors to secure and contain the incident, and we will continue to support our affected customers every step of the way to help them navigate this issue.
What Data Was Stolen?
According to MyRepublic’s investigation, the unauthorized access impacted no less than 79,388 mobile subscribers based in Singapore. The affected data storage platform contained identity verification documents related to customer applications for mobile services, including:
- For affected Singapore citizens, permanent residents, and employment and dependent pass holders — scanned copies of both sides of NRICs;
- For affected foreigners — proof of residential address documents (e.g. scanned copies of a utility bill);
- For affected customers porting an existing mobile service — name and mobile number.
There is no indication that other personal data, such as account or payment information, were affected. No MyRepublic systems were compromised and there was no operational impact on MyRepublic’s services.
Mr. Rodrigues announced that
While there is no evidence that any personal data has been misused, as a precautionary measure, we are contacting customers who may be affected to keep them informed and provide them with any support necessary. We are also reviewing all our systems and processes, both internal and external, to ensure an incident like this does not occur again.
Although at the moment there is no clear evidence that any personal data has been misused, MyRepublic will offer all impacted customers a complimentary credit monitoring service through Credit Bureau Singapore.
MyRepublic has notified the Infocomm Media Development Authority and the Personal Data Protection Commission of the incident and will continue to cooperate with the authorities. The commission replied that it is aware of the attack and has contacted MyRepublic for additional information.
The company has also activated its cyber incident response team, which includes a team of external expert advisors like KPMG in Singapore, to work closely with MyRepublic’s internal IT and Network teams to resolve the incident.