
62,000 emails linked to Certis account caught up in phishing attack, some containing personal information

SINGAPORE — Security firm Certis warned on Friday (April 9) of a phishing attack involving emails that appeared to be from Certis but were not. It is examining 62,000 emails in the affected account and had so far found 1.2 per cent containing personal information.

  • Security firm Certis warned of a possible phishing attack involving emails sent on March 16 and 17
  • Certis is examining about 62,000 emails of members of the public, corporations and Certis customers
  • So far, about 1.2 per cent had been found to contain personal information including NRIC and credit card numbers

 


The personal information includes National Registration Identity Card (NRIC) and credit card numbers, the firm said.

“Investigations later revealed that these emails are potentially part of a wider phishing attack targeting Microsoft Office365 cloud email accounts,” Certis said.

“We are examining every email correspondence in the affected mailbox to sift out only affected individuals, corporate organisations and customers who may have sent emails containing personal data,” it added.

Certis said the company’s customer databases had not been compromised.

The emails were sent on March 16 and 17, purportedly from the affected email account — customerservice [at] certisgroup.com.

In its statement, Certis said it was alerted to an incident on March 17 in which several people had received phishing emails from a single email account which “appeared to be from (the company)”.

Its IT team “immediately” conducted an investigation and found that the phishing emails did not “originate from our customer service email account on Microsoft Office365 cloud, and no customer database had been compromised”.

Certis said that during the same period the phishing emails were sent, unauthorised access was detected into the same customer service email account.

“Our IT team took urgent steps to strengthen our authentication processes and scanned affected computers. No further unauthorised access has been detected,” the company said.

It added that external cyber security experts were then called in to investigate the nature of the incident and assess the impact on the affected individuals.

“The extensive process of examining all the emails for personal data is still ongoing. As a precaution, we are progressively alerting all affected individuals who may potentially be at risk,” it said.

The company added that it has also engaged the services of a reputable identity theft monitoring provider for further security.

“The service is offered to affected individuals at no cost to them. This helps alert them upon detection of any potential misuse of their personal data,” Certis said.

Mr Ronald Poon, Certis’ chief executive for Singapore, apologised to all those who may have been impacted by the incident and for the inconvenience and distress caused.

“We are making every effort to reach out to the affected individuals. And we want to ensure that we support them in every way we can. Our email system will undergo further reviews to mitigate vulnerabilities and enhance the protection of our data, and that of our customers.

“I would like to assure all our customers that this is an isolated phishing incident linked to a single email account. We can affirm that none of our customer databases were compromised. Our operations remain secure and unaffected,” said Mr Poon.

Earlier on Monday, around 30,000 individuals who have used the services of Employment and Employability Institute (e2i) may have had their names, contact details and other personal data exposed following a malware attack on a mailbox belonging to an employee of a third-party vendor last month.

The incident “may have resulted in an unauthorised access” to the employee’s mailbox, which also contains other data such as NRIC details, educational qualifications and employment details, e2i said then.

Together with the vendor, i-vic International, e2i said it has followed up with immediate mitigation measures to tighten the security of email and network systems, and will be doing constant checks to monitor for any potential vulnerabilities.
