Around 11,200 DBS & Bank of China customer accounts potentially compromised after ransomware attack on print vendor

A printing vendor for DBS and Bank of China's Singapore Branch has been the victim of a ransomware attack, resulting in the potential compromise of customer details.

No compromise

DBS issued a statement describing the chain of events, saying it was contacted by one of its print vendors, Toppan Next Tech (TNT), which prints customer statements and letters.

TNT told DBS at 10.21 pm on Apr. 5 that it had been the victim of a ransomware attack.

After preliminary investigations, it was determined that about 8,200 DBS customers had their customers' statements/letters potentially compromised.

The compromised statements mainly related to DBS Vickers accounts, with the remainder primarily comprised of Cashline loan accounts.

DBS sought to clarify that its systems were not compromised, that customers' deposits and monies remained safe, and that thus far, there was no evidence of unauthorised DBS transactions resulting from the incident.

Bank of China's Singapore branch issued a similar statement, saying that an incident involving TNT had resulted in around 3,000 customers' data potentially being exposed, including their customer names, addresses, and, in some cases, loan account numbers.

Bank of China

Like DBS, BOC emphasised that there was "no indication that the Bank's internal systems have been compromised" and that customer's deposits and monies remained safe.

BOC said no transaction banking information or credentials were affected and that customer accounts remained secure and fully operational.

Additional precautions

Both banks advised customers to take additional precautions.

DBS told customers not to respond to unsolicited communications, including physical letters, emails, or SMSes containing links to QR codes claiming to be from the bank.

It said that banks would never send customers clickable links via SMS or email.

It also advised not disclosing personal or banking credentials to anyone, such as one-time passwords or credit and debit card details.

It also advised reviewing recent account activity and card statements for unusual and unauthorised transactions.

BOC similarly advised caution regarding phishing emails, phone calls, and SMS messages and advised that customers should update their passwords, especially if they use the same credentials across multiple platforms.

It likewise advised monitoring bank accounts regularly.

DBS has also indicated that it is contacting potentially affected customers "as a matter of priority" and that all impacted customers would be notified by Apr. 8.

In the meantime, DBS has halted all printing jobs with TNT and increased surveillance to monitor for suspicious or unusual activity.

Extracted by threat actor

The Cyber Security Agency of Singapore (CSA) and the Monetary Authority of Singapore (MAS) also released a joint statement on Apr. 7 stating they were aware of the ransomware attack.

It said that TNT reported the attack to the Personal Data Protection Commission on the evening of Apr. 6.

It confirmed that customer information from DBS and BOC's Singapore branch had been "extracted by the threat actor" but that no customer login information had been compromised.

CAS is aiding TNT in its infestations and advising the company on containment measures.

Meanwhile, MAS is closely engaging with both banks on risk mitigation and customer follow-up.

Top image via Wikimedia