Singtel confirms data breach via third-party vendor Accellion

Breach impacts “standalone system” which is used to share information internally as well as with external stakeholders

Software used by Singtel has been “illegally attacked by unidentified hackers”, accessing file sharing system FTA via third-party vendor Accellion.

According to the telecommunications giant, the breach impacts a “standalone system” which is used to share information internally as well as with external stakeholders.

“This is an isolated incident involving a standalone third-party system,” a statement from Singtel read. “Our core operations remain unaffected and sound.”

Accellion advised that the incident formed part of a wider concerted breach against users of the vendor’s file sharing system following a “sophisticated cyber attack” on 23 December. With all FTA customers “promptly notified” at the time, Accellion also moved to patch all known FTA vulnerabilities exploited by the attackers, alongside adding new monitoring and alerting capabilities to flag anomalies associated with these attack vectors.

“We have since suspended all use of the system and activated investigations, working closely with cyber security experts and the relevant authorities, including the Cyber Security Agency of Singapore which is providing additional guidance,” a Singtel statement added. “We are currently conducting an impact assessment with the utmost urgency to ascertain the nature and extent of data that has been potentially accessed. Customer information may have been compromised.”

Currently, Singtel said plans are underway to work directly with customers and stakeholders whose information may have been compromised as a priority.

“We will reach out to them at the earliest opportunity once we identify which files relevant to them were illegally accessed,” the statement read.