‘MyRepublic’ Singapore Announced a Customer-Affecting Data Breach Incident

  • The Singaporean communications service provider ‘MyRepublic’, has suffered a data breach through a third party.
  • Their contractor was storing the PII of some of the firm’s customers, so the consequences of the breach are severe.
  • The accessed data includes names, mobile numbers, utility bills, and even national ID cards.

‘MyRepublic’ Singapore has published an announcement to inform its customers of a cybersecurity incident that affects them. The incident took place on 29 August 2021, and it concerns the unauthorized access of data on a third-party storage platform that is used by MyRepublic to store the personal details of its clients. Although the unauthorized access was detected almost immediately and the problem was contained, the actor managed to access 79,388 mobile subscribers based in Singapore.

The data that has been compromised includes the following:

  • For affected Singapore citizens, permanent residents and employment and dependent pass holders — scanned copies of both sides of NRICs.
  • For affected foreigners — proof of residential address documents e.g. scanned copies of a utility bill.
  • For affected customers porting an existing mobile service — name and mobile number.

No account or payment details have been exposed, and no systems or networks belonging to ‘MyRepublic’ were directly compromised by hackers. Still, the firm assumes responsibility as it should and is covering the cost of a credit monitoring service for all customers who have been affected by the data breach.

It is important to point out that there’s no evidence that any personal data has been misused, but it’s obviously too early to tell if anything has been exfiltrated or not. If you are a customer of MyRepublic Singapore, you should remain vigilant against incoming emails and SMS, as phishing, scamming, and social engineering is now a dire possibility. Because utility bills and national ID cards were accessed too, crooks opening accounts using other people’s identities and proof of residence is another dreadful but entirely possible scenario.

Lookout’s Senior Manager, Hank Schless, told us:

This incident highlights the importance of vetting third parties who will have access to your customers’ data. An extensive security review should no longer be optional when you’re looking to onboard a solution that could have access to this sensitive data. In addition, you should constantly review the security posture of that service to ensure they’re staying up to date. You should also look for indicators of how seriously the third party takes security. There are certain tell-tale signs, such as having modern data loss prevention (DLP) capabilities for both cloud-based and on-premise resources, that can help you gauge confidence in the vendor’s ability to protect your data.

REVIEW OVERVIEW

Latest

How to Watch MasterChef Season 12: Back to Win Online From Anywhere

MasterChef is returning for its twelfth season, which will be an all-star season where contestants will be returning for a second chance...

How to Watch The Great American Tag Sale With Martha Stewart Online From Anywhere

Are you ready to see the fabulous Martha Stewart in a great American tag sale? This new show will premiere soon, and...

How to Watch Expedition Unknown Season 10 Online From Anywhere

Discovery's 'Adventure Wednesday' lineup is back this summer, and viewers will be treated to all-new episodes of the reality television series Expedition...
For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: Chrome, Edge, Firefox, Safari