Singtel Hit by Security Breach via Third-Party Vendor

Singtel, the largest telecommunications company in the whole of Singapore, suffered from a data breach. According to The Straits Times, the incident reportedly occurred after a third-party file-sharing system by Accellion was hacked last January 20, 2021.

The telco giant disclosed the cybersecurity breach to the public last Thursday, February 11, 2021. Based on its press release, the company said that Accellion notified the company that hackers have gained unauthorized access into a file-sharing system called File Transfer Appliance (FTA).

The File Transfer Appliance is reportedly used to help disseminate information within Singtel and its respective shareholders reports ZD Net.

Singtel Hit by Security Breach

The FTA was also recognized as a standalone system and has been in the industry for around 20 years. With the system becoming obsolete, The Straits Times reveals that the Accellion already had its system illegally accessed last December 23, 2020. However, the breach only affected less than 50 people in the United States.

Having been informed of the compromise, Singtel maintained that it was quick to apply the patch to the FTA system the next day, as well as on December 27, 2020. However, the FTA patch still proved ineffective, moving Singtel to remove the product.

Singtel’s involvement in the breach is only one of the many cybersecurity incidents that involved the said File Transfer Appliance. Other organizations that have been impacted by this include the Australian Securities and Investments Commission (ASIC), the Office of the Washington State Auditor, and the Reserve Bank of New Zealand, reveals Bleeping Computer.

In its statement, the Singaporean telecommunications provider shared that “Given the complexity of the investigations, it was only confirmed on Feb 9 that files were taken.”

As of writing, ZD Net states that the telecommunications company is still conducting investigations surrounding the incident. Singtel is also working with relevant authorities to gain more information about the said data breach, including the Cyber Security Agency of Singapore and the local police.

Meanwhile, the telco giant has taken to reaching out to affected customers “at the earliest opportunity once we identify which files relevant to them were illegally accessed,” states The Straits Times.

There are still no data regarding customer information that may have been compromised. However, the telco states that it will provide support to customers and stakeholders whose information may be compromised in order to help mitigate or even reduce the risks.

Despite the data breach, Singtel maintains that “this is an isolated incident involving a standalone third-party system. Our core operations remain unaffected and sound.” It also emphasized that it seeks to enhance its file-sharing protocols and its security measures to prevent the same incident from occurring again.