Singtel’s customer data was feared to have been breached after a third-party vendor’s system that was used to share information fell victim to a supply chain attack.
The breach occurred on Jan 20 and was done by unidentified hackers that used a zero-day vulnerability within the Accellion legacy file-transfer platform.
The Accellion legacy file-transfer platform or File Transfer Appliance (FTA) is also used by New Zealand’s central bank, the Australian Securities and Investments Commission, and the Washington State Auditor’s Office in the US.
The FTA is used to share information internally and with external stakeholders.
Singtel along with other users was affected by the global hack but claimed that its operations were not affected but not sure whether its customer data was not leaked.
“Customer information may have been compromised. Our priority is to work directly with customers and stakeholders whose information may have been compromised to keep them supported and help them manage any risks. We will reach out to them at the earliest opportunity once we identify which files relevant to them were illegally accessed,” said Singtel.
Singtel added that they have stopped using the FTA and are cooperating with the Cyber Security Agency of Singapore.
Accellion said it has already patched all known vulnerabilities that were exploited by the hackers and added new monitoring and alerting capabilities to the FTA.
It is still unknown which group or individual was responsible for the attack.
© Fourth Estate® — All Rights Reserved.
This material may not be published, broadcast, rewritten or redistributed.