Singtel confirms 2020 data breach after cyber-attack on Optus

Parent company of Australian telco says that the personal data of 129,000 customers and 23 businesses was obtained in a cyber-attack two years ago

Just weeks after Optus revealed that the records of 10 million customers had been compromised in a data breach, its parent company, Singtel, is dealing with two of its own data hacks.

Singtel confirmed that a Friday post on a data leak forum contained information obtained from Singtel in a cyber-attack in 2020. It was the same forum where a user last month threatened to release Optus’s stolen data.

In February 2021, Singtel reported that a file transfer application called Accellion FTA it used had a zero-day vulnerability that had been exploited by hackers in late 2020 to obtain Singtel files.

The company suspended the use of the system when it became aware of the breach in February last year, and had been assessing what data had potentially been compromised.

Singtel determined at the time that the personal information of 129,000 customers and 23 businesses had been exposed in the breach.

It determined that data exposed included National Registration Identity care information, name, date of birth, mobile numbers and addresses. For 28 former Singtel staff their bank account details were exposed, and the credit card details of 45 staff of a corporate customer were exposed.

Singtel informed those affected, but the post on the data leak forum is believed to be the first time the data has purportedly been posted online.

Separately, Singtel reported to the Singapore stock exchange on Monday that Dialog, an Australian IT services company which is a subsidiary of a subsidiary of SingTel was also subject of a cyber-attack, in which a third party could have accessed the data of 20 clients and 1,000 current and former employees.

The activity was detected on the company’s servers on 10 September and on Friday 7 October, the company found that a “very small sample” of Dialog’s data, including some employee personal information, had been published on the dark web.

“We are doing our utmost to address the situation and, as a precaution, we are actively engaging with potentially impacted stakeholders to share information, support and advice,” Singtel said.

In the case of both breaches, Optus customer data was not affected, the company said.

It is three weeks since the Optus breach was reported, leading to a push to overhaul cybersecurity and privacy law in Australia, with the government looking at ways to reduce the amount of private information companies hold on citizens.


Josh Taylor

The GuardianTramp

Related Content

Article image
Optus cyber-attack: company opposed changes to privacy laws to give customers more rights over their data
In its submission to Privacy Act review telco said giving people right to erase personal data would involve ‘significant’ hurdles and costs

Josh Taylor

23, Sep, 2022 @8:00 PM

Article image
Optus cyber-attack leaves customers feeling ‘powerless’ over risk of identity theft
Account holders say they are ‘angry’ personal data including addresses and phone numbers was exposed while some say they are yet to hear from telco

Royce Kurmelovs

23, Sep, 2022 @10:12 AM

Article image
Optus data breach: cybersecurity reforms expected to enable companies to rapidly inform financial institutions
Cybersecurity minister Clare O’Neil set to announce reforms in coming week after millions of telco customers’ data stolen

Donna Lu and Royce Kurmelovs

25, Sep, 2022 @8:32 AM

Article image
Customers’ personal data stolen as Optus suffers massive cyber-attack
Personal information of potentially millions of customers exposed, including names, dates of birth, addresses, and contact details

Ben Doherty

22, Sep, 2022 @5:14 AM

Article image
Optus reveals at least 2.1 million ID numbers exposed in massive data breach
Telco says 150,000 passport and 50,000 Medicare numbers have been stolen as it announces independent review

Josh Taylor

03, Oct, 2022 @3:50 AM

Article image
Optus tells former Virgin Mobile and Gomo customers they could also be part of data breach
Identification repair service receives a month’s worth of complaint calls in three days as government pressures telco to pay for replacement ID documents

Josh Taylor

29, Sep, 2022 @5:32 AM

Article image
Optus cyber-attack could involve customers dating back to 2017
CEO says company has not yet confirmed how many people were affected by hack, but 9.8 million was ‘worst case scenario’

Josh Taylor

23, Sep, 2022 @3:04 AM

Article image
Guardian Essential poll: one in two Australians want stronger privacy laws after Optus breach
Survey finds 51% of respondents support restrictions on amount of data private companies can collect and 47% are worried about governments harvesting personal information

Katharine Murphy Political editor

03, Oct, 2022 @4:30 PM

Article image
Optus data breach: who is affected, what has been taken and what should you do?
After a malicious cyber-attack, customers of Australia’s second-largest telco are advised they could be at risk of identity theft

Ben Doherty

22, Sep, 2022 @8:31 AM

Article image
Alleged Optus hacker apologises for data breach and drops ransom threat
Online account claims it published records of 10,000 customers and threatened to release more before change of heart

Josh Taylor and Ben Butler

27, Sep, 2022 @8:39 AM