Singtel confirms 2020 data breach after cyber-attack on Optus

S

Just weeks after Optus revealed that the records of 10 million customers had been compromised in a data breach, its parent company, Singtel, is dealing with two of its own data hacks.

Singtel confirmed that a Friday post on a data leak forum contained information obtained from Singtel in a cyber-attack in 2020. It was the same forum where a user last month threatened to release Optus’s stolen data.

In February 2021, Singtel reported that a file transfer application called Accellion FTA it used had a zero-day vulnerability that had been exploited by hackers in late 2020 to obtain Singtel files.

The company suspended the use of the system when it became aware of the breach in February last year, and had been assessing what data had potentially been compromised.

Singtel determined at the time that the personal information of 129,000 customers and 23 businesses had been exposed in the breach.

It determined that data exposed included National Registration Identity care information, name, date of birth, mobile numbers and addresses. For 28 former Singtel staff their bank account details were exposed, and the credit card details of 45 staff of a corporate customer were exposed.

Singtel informed those affected, but the post on the data leak forum is believed to be the first time the data has purportedly been posted online.

Separately, Singtel reported to the Singapore stock exchange on Monday that Dialog, an Australian IT services company which is a subsidiary of a subsidiary of SingTel was also subject of a cyber-attack, in which a third party could have accessed the data of 20 clients and 1,000 current and former employees.

The activity was detected on the company’s servers on 10 September and on Friday 7 October, the company found that a “very small sample” of Dialog’s data, including some employee personal information, had been published on the dark web.

“We are doing our utmost to address the situation and, as a precaution, we are actively engaging with potentially impacted stakeholders to share information, support and advice,” Singtel said.

In the case of both breaches, Optus customer data was not affected, the company said.

It is three weeks since the Optus breach was reported, leading to a push to overhaul cybersecurity and privacy law in Australia, with the government looking at ways to reduce the amount of private information companies hold on citizens.

About the author

Marta Lopez

I am a content writer and I write articles on sports, news, business etc.

By Marta Lopez

Categories

Get in touch

Content and images available on this website is supplied by contributors. As such we do not hold or accept liability for the content, views or references used. For any complaints please contact adelinedarrow@gmail.com. Use of this website signifies your agreement to our terms of use. We do our best to ensure that all information on the Website is accurate. If you find any inaccurate information on the Website please us know by sending an email to adelinedarrow@gmail.com and we will correct it, where we agree, as soon as practicable. We do not accept liability for any user-generated or user submitted content – if there are any copyright violations please notify us at adelinedarrow@gmail.com – any media used will be removed providing proof of content ownership can be provided. For any DMCA requests under the digital millennium copyright act
Please contact: adelinedarrow@gmail.com with the subject DMCA Request.