Over 79,000 MyRepublic mobile subscribers in S'pore affected by data breach

Personal data such as copies of NRICs, addresses and phone numbers have been compromised.

Low Jia Ying | September 10, 2021, 01:25 PM

Follow us on Telegram for the latest updates: https://t.me/mothershipsg

MyRepublic Singapore announced that there has been a data breach involving the personal information of 79,388 mobile subscribers based in Singapore.

The "unauthorised data access incident" was discovered Aug. 29, 2021, and they have since secured the data storage facility where the breach occurred.

Breach occurred on third-party storage platform

According to its press release today (Sep. 10), the unauthorised data access took place on a third-party data storage platform it uses to store the personal data of MyRepublic’s mobile customers.

The storage platform contains identity verification documents that were submitted by customers during the application process for their mobile services.

These include:

  • For Singapore citizens, permanent residents and employment and dependent pass holders: scanned copies of both sides of NRICs
  • Foreigners: proof of residential address documents (e.g. scanned copies of a utility bill)
  • Customers porting an existing mobile service: name and mobile number

MyRepublic said that there is no indication that other personal data, such as payment or account information, were accessed.

It also assured customers that its systems and services are not affected and are still operational.

CEO apologises for the breach

MyRepublic has also informed the Infocomm Media Development Authority and the Personal Data Protection Commission of the breach, and is cooperating with them.

It is also working to resolve the incident by activating its cyber incident response team.

Malcolm Rodrigues, CEO of MyRepublic, has personally apologised to customers for the incident:

“The privacy and security of our customers are extremely important to us at MyRepublic. Like you, we are disappointed with what has happened, and I would like to personally apologise for any inconvenience caused.

My team and I have worked closely with the relevant authorities and expert advisors to secure and contain the incident, and we will continue to support our affected customers every step of the way to help them navigate this issue.”

Affected customers should watch out of possible identity fraud

Currently, there is no evidence of the personal data being misused.

In an email to affected customers on Sep. 10, MyRepublic informed them of the steps they should take to ensure that they are not victims of identity fraud.

MyRepublic recommends that affected customers keep an eye on financial and other accounts for suspicious activity, such as unauthorised transactions and changes to account details, and notify their banks as soon as possible if they notice any such activity.

Customers are also told to check with Singapore Post that their mail has not been redirected if they find they are not receiving mail, and secure their letterboxes, as fraudsters sometimes redirect or steal mail to avoid detection.

MyRepublic also warned affected customers that they may be contacted by fraudsters to trick them into providing more personal data.

Customers should be wary of anyone contacting them for more personal information, and to ignore requests for access credentials or personal data.

MyRepublic offering complimentary credit monitoring service

In its email to affected customers, MyRepublic also stated that they are offering a complimentary credit monitoring service through Credit Bureau Singapore (CBS).

This will monitor customers' credit reports and alert them of any suspicious activity.

Rodrigues added: "We are also reviewing all our systems and processes, both internal and external, to ensure an incident like this does not occur again."

Follow and listen to our podcast here

Top photo via Ming/Google Maps