79,000 MyRepublic Singapore customers’ data stolen following data breach

Singapore mobile and broadband provider MyRepublic announced on Friday that 79,400 personal records of mobile customers have potentially been accessed by hackers. The data was accessible due to a security breach on a third-party storage platform.  

The data accessed was verification documents for mobile customers. Scanned copies of both sides of permanent Singapore residents’ NRICs have potentially been accessed. NRICs show a resident’s ID number, name, and address. 

The breach also affects Singapore foreigners, with names, phone numbers, and proof of residential addresses all being stored on the breached third-party system. 

According to a press release given on Friday 10th, no MyRepublic systems were compromised, only that of the affected third-party storage platform. MyRepublic stated “there is no indication that other personal data, such as account or payment information, were affected.” The breach also did not affect MyRepublic’s service. 

MyRepublic CEO Malcolm Rodrigues personally apologised for any inconvenience caused by the data breach. He stated: 

“My team and I have worked closely with the relevant authorities and expert advisors to secure and contain the incident, and we will continue to support our affected customers every step of the way to help them navigate this issue.” 

MyRepublic discovered the “unauthorised data access incident” on August 29th. Following the discovery, MyRepublic notified Infocomm Media Development Authority (IMDA) and the Personal Data Protection Commission (PDPC) of the breach. 

MyRepublic’s incident response team has been activated following the breach. The incident response team includes expert external advisors KPMG, who will work with MyRepublic’s network and IT teams to resolve the issue. 

Following the breach, MyRepublic is providing affected customers with a free credit monitoring service through Credit Bureau Singapore (CBS). CBS will monitor the credit report of affected customers, alerting them of any suspicious activity that may result due to the data breach. 

Malcolm Rodrigues closed the statement by clarifying that there is “no evidence that any personal data has been misused” but that affected customers will be contacted as a precautionary measure. Mr Rodrigues also stated:  

“We are also reviewing all our systems and processes, both internal and external, to ensure an incident like this does not occur again.” 

Singapore Cyber Attacks 

The MyRepublic breach is the next in a string of cyber attacks that have occurred in Singapore in August alone. 

In August, another Singapore mobile company StarHub suffered a data breach that exposed the ID numbers and e-mail addresses of 57,000 customers.  

OrangeTee real estate group suffered a data breach from a third-party that forced the company to take their website down. 

Three high profile ransomware cases occurred in August, including an attack on Singaporean eye clinic Eye & Retina Surgeons. The ransomware attack targeted the personal information and clinical records of 73,000 patients.