The Singapore StarHub and real estate OT group accepted to have suffered a data breach. The holding company of OrangeTee Advisory revealed that they received a mail from a third party claiming to have breached their IT networks. On further research, it was found that the personal data of more than 57,000 customers, who subscribed to StarHub before 2007, was uploaded illegally on Dark-Web.
The company alleges, personal data of 14 years old had been stolen, comprising of identity card numbers, mobile numbers, and email addresses. Assured that no Mastercard or bank details have been compromised nor StarHub’s information systems or customer databases compromised. The leaked documents were removed, and since then, implemented a series of actions to protect customers’ interests. An incident management team has been organized, engaging digital forensic and cybersecurity experts to launch an investigation as well as to review the existing security measures. Simultaneously, StarHub is also notifying its affected customers via email.
Even, offered six months of commendatory credit monitoring service via Credit Bureau Singapore. The company reassured its customers to sign up for this service after receiving its email notification, as there’s no evidence of data misuse. Nikhil Eapen, CEO of StarHub, apologized for the incident and promised to be transparent and to keep its customers updated. He also confessed that, Ensuring security is a key area they’re constantly working on. They have made substantial cybersecurity investments over the years, shoring up their cyber defenses, and will continue to stay vigilant in safeguarding them.
Meanwhile, the company again became a victim of a data security breach on 6 August. The Group said in a statement that it has reported the incident to relevant authorities, and is currently working closely with cybersecurity experts to ascertain the nature and extent of the breach. StarHub and OrangeTee’s data breaches follow a slew of comparable incidents this year.
In December 2020, the Singapore government alleged a fine of up to 10% of a company’s annual turnover in Singapore, or SG$1 million (whichever is higher), should a company be found guilty of a data breach. According to the communications and information minister S. Iswaran, “the proposed amendments sought to strike a balance between consumers’ confidence that their data will be secure and used responsibly and organizations’ certainty to harness personal data for legitimate purposes, with the essential safeguards and accountability”, reported The Straits Times.