Personal info including scanned copies of IC, utility bills of over 79,000 MyRepublic mobile customers illegally accessed
SINGAPORE — The data of more than 79,000 MyRepublic Singapore customers who subscribe to its mobile services has been accessed by an unauthorised third party in a data breach, the telecommunications firm said on Friday (Sept 10).
SINGAPORE — The data of more than 79,000 MyRepublic Singapore customers who subscribe to its mobile services has been accessed by an unauthorised third party in a data breach, the telecommunications firm said on Friday (Sept 10).
MyRepublic said that the incident took place on Aug 29, and that it occurred on a third-party data storage platform used to store the personal data of its customers.
Based on its investigation, the breach affects 79,388 mobile subscribers based in Singapore.
The affected data storage platform contained identity verification documents related to customer applications for mobile services, including:
For affected Singapore citizens, permanent residents and employment and dependent pass holders — scanned copies of both sides of their National Registration Identity Cards
For affected foreigners — proof of residential address documents such as scanned copies of a utility bill
For affected customers porting an existing mobile service — name and mobile number
MyRepublic's chief executive officer Malcolm Rodrigues said there is no evidence that any personal data has been misused.
However, as a precautionary measure, the company is contacting customers who may be affected to keep them informed and provide them with any support necessary, he added.
“We are also reviewing all our systems and processes, both internal and external, to ensure an incident like this does not occur again.”
There is no indication that other personal data, such as account or payment information, were affected, the company said.
No MyRepublic systems were compromised and there was no operational impact on the company's services.
The unauthorised access to the data storage facility has since been secured and the incident has been contained, it added.
It will provide all affected customers with an offer to take up a complimentary credit monitoring service through Credit Bureau Singapore. Under this service, the bureau will monitor their credit report and alert them of any suspicious activity.
"MyRepublic has notified the Infocomm Media Development Authority and the Personal Data Protection Commission (PDPC) of the issue, and will continue to cooperate with those authorities.”
The company has also activated its cyber incident response team.
Mr Rodrigues said: “The privacy and security of our customers are extremely important to us at MyRepublic. Like you, we are disappointed with what has happened, and I would like to personally apologise for any inconvenience caused.”
He added: “My team and I have worked closely with the relevant authorities and expert advisors to secure and contain the incident, and we will continue to support our affected customers every step of the way to help them navigate this issue.”
In response to a query from TODAY, PDPC said that it is aware of the incident and has reached out to MyRepublic for more information.