Personal information of nearly 80,000 MyRepublic customers accessed after data storage breach

SINGAPORE: MyRepublic Singapore said on Friday (Sep 10) that it has discovered an “unauthorised data access incident” affecting 79,388 customers.

The incident took place on Aug 29 and affected MyRepublic mobile subscribers based in Singapore, said the local telco.

“The unauthorised data access took place on a third-party data storage platform used to store the personal data of MyRepublic’s mobile customers,” it said in a statement.

The platform contained identity verification documents related to customer applications, the firm said.

This included scanned copies of both sides of the NRIC for affected customers who are Singaporeans, permanent residents or holders of employment passes and dependant’s passes.

For other affected foreigners, the data included documents showing proof of residential address, such as scanned copies of a utility bill.

For customers porting from an existing mobile service, the affected data included their names and phone numbers.

There was “no indication” that any other personal data, such as account or payment information, was affected, said MyRepublic.

“The unauthorised access to the data storage facility has since been secured, and the incident has been contained,” the telco said.

It added that “no MyRepublic systems were compromised and there was no operational impact on MyRepublic’s services”.

MyRepublic CEO Malcolm Rodrigues said there was “no evidence” that any personal data was misused, and that the company was contacting customers who may be affected to provide them support.

“We are also reviewing all our systems and processes, both internal and external, to ensure an incident like this does not occur again,” he said.

All affected customers will be offered a complimentary credit monitoring service through Credit Bureau Singapore, which will monitor their credit report and alert them to any suspicious activity, said the telco.

MyRepublic said it has informed the Infocomm Media Development Authority and Personal Data Protection Commission (PDPC) of the incident, and would cooperate with the authorities. It has also activated its cyber incident response team.

“The privacy and security of our customers are extremely important to us at MyRepublic. Like you, we are disappointed with what has happened, and I would like to personally apologise for any inconvenience caused,” said Mr Rodrigues.

In response to CNA’s query, PDPC said it “is aware of the incident and has reached out to MyRepublic Limited for more information”.