MyRepublic Singapore has revealed a data hijack disclosing the personal data of around 80,000 mobile subscribers. MyRepublic and Asia-Pacific telecommunications carrier and Internet service provider with operation in Singapore, Singapore, New Zealand, and Australia.

In previous days, MyRepublic Singapore start emailing data hijacking notifications revealing that the customer’s personal information was exposed after an unauthorized person gained access to a third-party data storage platform.

MyRepublic also states that the information storage has since been protected, but not before an unauthorized person had accessed the information of around 79,388 mobile subscribers based in Singapore.

What is the Information Include?

The hijacked information includes identity verification documents for applications for mobile services, which includes:

• For affected Singapore citizens, permanent residents, and employment and dependent pass holders — scanned copies of both sides of NRICs.
• For affected foreigners — proof of residential address documents e.g. scanned copies of a utility bill.
• For affected customers porting an existing mobile service — name and mobile number.

There are no possibilities that account or transaction information was accessed as part of this incident. While the storage platform has not been disclosed, it is likely an incorrectly secured storage bucket based on the types of files that were exposed.

MyRepublic says that they have reported the incident to Singapore’s Infocomm Media Development Authority and the Personal Data Protection Commission and will work with them to investigate the security incident.

The mobile carriers are also working with KPMG in Singapore to considering and resolve the incident. For those affected by this data breach, MyRepublic and appreciative credit monitoring service through Credit Bureau Singapore (CBS).

What should the affected customers do?

While no commercial or account details, such as email addresses and login names, were revealed, other critical data was accessed that could permit identity theft. Using stolen utility bills and National Registration Identity Cards (NRICs), it may be possible for threat actors to open accounts or receive credit under an exposed customer’s name.

Therefore, all the impacted customers must monitor their credit reports to assure dishonest accounts are not designed with their identity. Customers whose mobile numbers were revealed should also look for SMS texts attempting to steal further sensitive data.