A security breach took place at a third-party data storage platform, as almost 80,000 MyRepublic mobile subscribers in Singapore became victims of data compromise.
MyRepublic is a major internet services provider in Singapore.
The system in question had stored data in identity verification documents for mobile service registration. These included all local customers’ national ID card information, foreign workers’ legal addresses, address verification documents, and copies of their utility bills. Customer names and mobile numbers were also part of this breach.
MyRepublic was informed of this breach by an unknown external party on 29th August. The company says it informed the Personal Data Protection Commission who oversees the Personal Data Protection Act (PDPA), and the Infocomm Media Development Authority (IMDA).
According to MyRepublic, the incident has since been contained. They have also blocked off unauthorized entry to the storage facility. However, it was not disclosed if the storage service was cloud-based and how long it has been in use. The Singapore internet service provider could not provide a date when it last evaluated the security measures.
MyRepublic, in another statement, noted that they were contacting every mobile user who was the victim via email. It was not able to confirm the completion date for this procedure. Its response team was activated with external advisers from KPMG to work with its internal IT personnel to sort out the impact of the breach.
All affected customers would be provided with Credit Bureau Singapore’s complimentary credit monitoring service. It can help assess their credit card report and alert them for fraudulent activities.
A recent MyRepublic interview had the company mentioning that it was looking for revenue in the enterprise space in Singapore and work on its cybersecurity services.