By using this site, you agree to the Privacy Policy and Terms of Use.
Accept
TechgoonduTechgoondu
  • Audio-visual
  • Enterprise
    • Software
    • Cybersecurity
  • Gaming
  • Imaging
  • Internet
  • Media
  • Mobile
    • Cellphones
    • Tablets
  • PC
  • Telecom
Search
© 2023 Goondu Media Pte Ltd. All Rights Reserved.
Reading: In Singtel hacking case, lessons to be learnt on managing fallout
Share
Aa
TechgoonduTechgoondu
Aa
  • Audio-visual
  • Enterprise
  • Gaming
  • Imaging
  • Internet
  • Media
  • Mobile
  • PC
  • Telecom
Search
  • Audio-visual
  • Enterprise
    • Software
    • Cybersecurity
  • Gaming
  • Imaging
  • Internet
  • Media
  • Mobile
    • Cellphones
    • Tablets
  • PC
  • Telecom
Follow US
© 2023 Goondu Media Pte Ltd. All Rights Reserved.
Techgoondu > Blog > Cybersecurity > In Singtel hacking case, lessons to be learnt on managing fallout
CybersecurityEnterpriseSoftwareTelecom

In Singtel hacking case, lessons to be learnt on managing fallout

Alfred Siew
Last updated: February 18, 2021 at 6:02 PM
Alfred Siew Published February 18, 2021
5 Min Read
SHARE
A man walks past a Singtel shop in Singapore. Wilson Wong for Techgoondu.

When you find that you’ve been hacked and your customers’ sensitive information has been leaked, it’s hard to come out smelling like roses, as the Singtel hacking case this month shows.

The Singapore-based telecom operator yesterday disclosed that 129,000 customers had their NRIC numbers and some combination of their names, dates of birth, mobile numbers and addresses stolen in a case that first came to light last week.

In addition, the bank account details of 28 former Singtel employees, along with the credit card details of 45 staff of a corporate customer with Singtel’s mobile service have also been stolen. That, along with “some information” from 23 enterprises.

With the exception of the “some information” part which seems vague, this is a rather transparent account of the damage done by the cyberattack, which was carried out on a supplier of a file sharing service that Singtel offered.

This 20-year-old offering, made by Accellion, was supposed to be near its end of life by end-April, but apparently it still held data that could now be sold and traded by cyber criminals.

Looking through the statement that Singtel put out yesterday, you’re glad to see that Singtel hadn’t simply blamed the episode on its supplier, which was the victim of a sophisticated attack earlier.

Instead, Singtel head honcho, Yuen Kuan Moon, apologised “unreservedly” for the data theft that had impacted its customers.

Now, whether this would head off any sort of legal suits afterwards, which the affected companies may file against Singtel or Accellion, is a question to be answered later.

What’s clear are the lessons that this Singtel hacking case has for many businesses now struggling to cope with emerging cyber threats and the potential fallout from a data breach.

First, the transparency. By quickly investigating the data breach and reporting the extent of the damage, Singtel is not just complying with legal requirements for critical infrastructure providers but also helping customers assess their risk of exposure.

Second, owning up. This was a supply chain attack, which means a Singtel supplier and not Singtel itself was directly attacked. Increasingly common, such attacks are hard to ward off but ultimately still impact lots of end customers.

Ultimately, of course, the buck stops with Singtel, since it has to answer to its customers. It’s good to note that it took two days, from February 9, when it established that files were taken as a result of a breach, to go public with the news.

Compare this with how Singapore’s Ministry of Health responded to the theft of HIV patients’ data just two years ago. It took more than two years after it found out about the breach to reveal the incident to the public.

There are other examples, both good and bad, of responses to a data breach. In October last year, after Lazada had the names, phone numbers and partial credit card numbers of some 1.1 million accounts stolen, the e-commerce provider came out to say the data was “out of date” by 18 months.

That’s a pretty strange assertion to make. Do you change your name, phone number or credit card number every 18 months? If not, then clearly, the data stolen could still be relevant and customers should not be made to think otherwise.

To its credit, Lazada did explain to users in a clear FAQ how to check if their accounts were affected and what to do afterwards. That should be the minimum today.

Indeed, a clear explanation is what Singtel has put out as well on its website. It also said it would contact affected customers to assist them in managing potential risks.

It’s true that a cyberattack can hit anyone, including the most well-defended companies and government agencies, including the United States’ National Security Agency.

However, how you mitigate the fallout matters. How you assist your affected customers and users will define how much trust they still place on you after the incident.

You Might Also Like

As TikTok faces a possible ban in the US, should users elsewhere be worried?

Foodpanda to use Gogoro electric scooters in battery swapping trial with Cycle & Carriage

RedCap: A new cellular IoT technology for the 5G era

Debate on computational photography misses what’s real, what’s lived outside a frame

Q&A: Delivering movies digitally and securely from around the world

TAGGED: Accellion, cybersecurity, FTA, hacking, SingTel, supply chain attack

Sign up for the TG newsletter

Never miss anything again. Get the latest news and analysis in your inbox.

By signing up, you agree to our Terms of Use and acknowledge the data practices in our Privacy Policy. You may unsubscribe at any time.
Alfred Siew February 18, 2021
Share this Article
Facebook Twitter Whatsapp Whatsapp LinkedIn Copy Link Print
Share
Avatar photo
By Alfred Siew
Follow:
Alfred is a writer, speaker and media instructor who has covered the telecom, media and technology scene for more than 20 years. Previously the technology correspondent for The Straits Times, he now edits the Techgoondu.com blog and runs his own technology and media consultancy.
Previous Article In a software-defined, interconnected world, supply chain attacks are hard to ward off
Next Article Goondu review: The Medium
Leave a comment

Leave a Reply Cancel reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Stay Connected

Facebook Like
Twitter Follow

Latest News

As TikTok faces a possible ban in the US, should users elsewhere be worried?
Cybersecurity Internet March 24, 2023
Foodpanda to use Gogoro electric scooters in battery swapping trial with Cycle & Carriage
Enterprise Internet March 23, 2023
RedCap: A new cellular IoT technology for the 5G era
Enterprise Software Telecom March 23, 2023
Sony Playstation VR2 review: An immersive experience awaits
Gaming March 21, 2023
//

Techgoondu.com is published by Goondu Media Pte Ltd, a company registered and based in Singapore.

.

Started in June 2008 by technology journalists and ex-journalists in Singapore who share a common love for all things geeky and digital, the site now includes segments on personal computing, enterprise IT and Internet culture.

banner banner
Everyday DIY
PC needs fixing? Get your hands on with the latest tech tips
READ ON
banner banner
Leaders Q&A
What tomorrow looks like to those at the leading edge today
FIND OUT
banner banner
Advertise with us
Discover unique access and impact with TG custom content
SHOW ME

 

 

POWERED BY READYSPACE
The Techgoondu website is powered by and managed by Readyspace Web Hosting.

TechgoonduTechgoondu
Follow US

© 2023 Goondu Media Pte Ltd. All Rights Reserved | Privacy | Terms of Use | Advertise | About Us | Contact

Join Us!

Never miss anything again. Get the latest news and analysis in your inbox.

Zero spam, Unsubscribe at any time.
 

Loading Comments...
 

    Welcome Back!

    Sign in to your account

    Lost your password?