MyRepublic Singapore has fallen victim to an unauthorised data access incident on 29 August 2021, affecting 79,388 mobile subscribers based in Singapore. The affected data storage platform contained identity verification documents related to customer applications for mobile services, including scanned copies of both sides of NRICs, proof of residential address documents for foreigners, and name and mobile number for customers porting an existing mobile service.
MyRepublic said there is no indication that other personal data, such as account or payment information, were affected. The company added that none of its systems were compromised and there was no operational impact on MyRepublic’s services. It is also supporting customers in mitigating any possible risk. According to the telco, the unauthorised data access took place on a third-party data storage platform used to store the personal data of MyRepublic’s mobile customers. The unauthorised access to the data storage facility has since been secured, and the incident has been contained.
MyRepublic has notified the Infocomm Media Development Authority and the Personal Data Protection Commission of the issue and will continue to cooperate with those authorities. The company said in a statement that it has also activated its cyber incident response team, which includes a team of external expert advisors such as KPMG in Singapore, to work closely with MyRepublic’s internal IT and network teams to resolve the incident.
CEO Malcolm Rodrigues said the privacy and security of its customers are extremely important to MyRepublic. He added that the team is disappointed with what has occurred and apologised for any inconvenience caused. "My team and I have worked closely with the relevant authorities and expert advisors to secure and contain the incident, and we will continue to support our affected customers every step of the way to help them navigate this issue," he added.
The company will provide all affected customers with an offer to take up a complimentary credit monitoring service through Credit Bureau Singapore (CBS). Under this service, CBS will monitor their credit report and alert them of any suspicious activity. Customers who wish to take advantage of this offer may contact MyRepublic here.
Rodrigues added: “While there is no evidence that any personal data has been misused, as a precautionary measure, we are contacting customers who may be affected to keep them informed and provide them with any support necessary. We are also reviewing all our systems and processes, both internal and external, to ensure an incident like this does not occur again.”
StarHub and OrangeTee fell victim to a data breach last month. Personal information of more than 57,000 customers subscribed to StarHub before 2007 was discovered to have been uploaded illegally on a third-party data dump website. Meanwhile, OrangeTee's holding company OT Group also experienced a security breach on 6 August after a third-party claimed to have access to its IT network.
Photo courtesy: 123RF
Indonesian health ministry probes alleged data breach of 1.3m users on COVID-19 app
StarHub and real estate group OrangeTee fall victim to data breaches
NTUC's e2i data breach puts 30k individuals' data at risk of exposure
SIA's KrisFlyer and PPS club fall prey to data breach