Telco MyRepublic Singapore said it has discovered an “unauthorised” data access incident that has affected 79,388 customers who are mobile subscribers based in Singapore.
MyRepublic said the incident took place on August 29th, on a third-party data storage platform used to store the personal data of MyRepublic mobile customers.
The platform contained identity verification documents related to customer applications. This included scanned copies of both sides of customers’ NRICs, which are the personal identity documents of Singaporeans, Permanent Residents, as well as Employment Pass and Dependant’s Pass holders.
Affected foreigners’ data include documents showing proof of residential address, such as scanned copies of a utility bill.
Customers porting from an existing mobile service are also impacted, and the affected personal data are their names and phone numbers.
MyRepublic said that the unauthorised access to the data storage facility has since been secured and the incident has been contained.
“No MyRepublic systems were compromised and there was no operational impact on MyRepublic’s services,” said the telco.
According to MyRepublic’s CEO Malcolm Rodrigues, there was “no evidence” any personal data was misused. “We are also reviewing all our systems and processes, both internal and external, to ensure an incident like this does not occur again.”
The company is contacting customers who may be affected to provide them support. They will be provided a complimentary credit monitoring service through Credit Bureau Singapore which will monitor their credit report and alert them of any suspicious activity.
MyRepublic said it will cooperate with the authorities, and it has informed the Infocomm Media Development Authority and Personal Data Protection Commission of the incident.
Featured Image Credit: HardwareZone