Personal information of over 57,000 customers was found to be leaked, including national identity card numbers, mobile numbers and email addresses
Last week, Singaporean telco StarHub announced that it had found data from over 57,000 of its customers on a third-party data dump site during routine online surveillance back in July.
The data breach contained personal information for over 57,000 customers, including their including national identity card numbers, mobile numbers and email addresses. Financial information was reportedly not at risk, though affected customers are being offered six months of free credit monitoring.
The data discovered was at least 14 years old, with the company saying that it had not discovered any misuse of the data so far. Nonetheless, digital forensic and cybersecurity experts are currently investigating the breach, the results of which will be revealed in due course.
StarHub says they are in the process of progressively emailing the relevant customers to inform them of the breach, a process that the company says will take roughly two weeks.
"As far as we are aware, this is an isolated incident which involved a data file that contains limited types of information belonging to certain individual customers,” StarHub corporate communications assistant VP Cassie Fong told The Register. “As part of our efforts to rectify the situation, we have investigated and verified the integrity of our network infrastructure. There is no evidence that StarHub’s information systems are compromised.”
Data protection legislation is less strict in Singapore than in some other markets, such as Europe, but breaches of this magnitude could still carry significant financial penalties. Contravening the Personal Data Protection Act 2012 carries penalties of a S$1 million (~$737,000) or 10% of annual local turnover, whichever is greater.
"Data security and customer privacy are serious matters for StarHub, and I apologise for the concern this incident may be causing our affected customers. We will be transparent and will keep our customers updated,” said StarHub CEO Nikhil Eapen in a statement. “We are actively reviewing current protection measures and controls in order to implement and accelerate long-term security improvements.”
Despite data security remaining a major priority for telcos around the world, data breaches like this are still worryingly common. Indeed, in Singapore this year alone, StarHub rival Singtel revealed that they had had their own cybersecurity woes; back in February, a third-party file sharing system provided by Accellion, called FTA, was illegally accessed through a previously unknown vulnerability, leading to the theft of personal data belonging to around 129,000 customers.
Want to keep up to date with the latest developments in the world of telecoms? Subscriber to receive Total Telecom’s daily newsletter here
Also in the news:
What’s the score? Total Telecom’s quarterly financial Score Board
Aussie telcos under fire for charging customers for unreachable speeds
T-Mobile accuses Dish of ‘dragging their feet’ over CDMA shutdown