Follow us on Telegram for the latest updates: https://t.me/mothershipsg
MyRepublic Singapore announced that there has been a data breach involving the personal information of 79,388 mobile subscribers based in Singapore.
The "unauthorised data access incident" was discovered Aug. 29, 2021, and they have since secured the data storage facility where the breach occurred.
Breach occurred on third-party storage platform
According to its press release today (Sep. 10), the unauthorised data access took place on a third-party data storage platform it uses to store the personal data of MyRepublic’s mobile customers.
The storage platform contains identity verification documents that were submitted by customers during the application process for their mobile services.
These include:
- For Singapore citizens, permanent residents and employment and dependent pass holders: scanned copies of both sides of NRICs
- Foreigners: proof of residential address documents (e.g. scanned copies of a utility bill)
- Customers porting an existing mobile service: name and mobile number
MyRepublic said that there is no indication that other personal data, such as payment or account information, were accessed.
It also assured customers that its systems and services are not affected and are still operational.
CEO apologises for the breach
MyRepublic has also informed the Infocomm Media Development Authority and the Personal Data Protection Commission of the breach, and is cooperating with them.
It is also working to resolve the incident by activating its cyber incident response team.
Malcolm Rodrigues, CEO of MyRepublic, has personally apologised to customers for the incident:
“The privacy and security of our customers are extremely important to us at MyRepublic. Like you, we are disappointed with what has happened, and I would like to personally apologise for any inconvenience caused.
My team and I have worked closely with the relevant authorities and expert advisors to secure and contain the incident, and we will continue to support our affected customers every step of the way to help them navigate this issue.”
Affected customers should watch out of possible identity fraud
Currently, there is no evidence of the personal data being misused.
In an email to affected customers on Sep. 10, MyRepublic informed them of the steps they should take to ensure that they are not victims of identity fraud.
MyRepublic recommends that affected customers keep an eye on financial and other accounts for suspicious activity, such as unauthorised transactions and changes to account details, and notify their banks as soon as possible if they notice any such activity.
Customers are also told to check with Singapore Post that their mail has not been redirected if they find they are not receiving mail, and secure their letterboxes, as fraudsters sometimes redirect or steal mail to avoid detection.
MyRepublic also warned affected customers that they may be contacted by fraudsters to trick them into providing more personal data.
Customers should be wary of anyone contacting them for more personal information, and to ignore requests for access credentials or personal data.
MyRepublic offering complimentary credit monitoring service
In its email to affected customers, MyRepublic also stated that they are offering a complimentary credit monitoring service through Credit Bureau Singapore (CBS).
This will monitor customers' credit reports and alert them of any suspicious activity.
Rodrigues added: "We are also reviewing all our systems and processes, both internal and external, to ensure an incident like this does not occur again."
Follow and listen to our podcast here
Top photo via Ming/Google Maps