SINGAPORE: A ransomware attack on a Singapore-based data handling service provider has compromised the personal information of at least 146 Income Insurance policy holders.
The company in question, DataPost, is in the early stages of investigating the attack, the firm said on Thursday (May 29).
DataPost was responsible for the printing and mailing of some of Income Insurance policy holders’ documents, the insurer said in a separate statement, adding that affected customers’ bonus statements had been compromised.
DataPost, which works with government agencies and financial institutions, among others, told CNA its investigations “will take time to complete”.
In response to queries from CNA, a spokesperson from the Personal Data Protection Commission (PDPC) said that it is aware of the case and is also investigating.
A spokesperson from the Cyber Security Agency told CNA that the agency is aware of the incident and has reached out to DataPost to offer assistance.
“We are keeping a close watch on developments,” they added.
In ransomware attacks, threat actors typically use malicious software to encrypt files on servers, then demand a ransom in exchange for unlocking these files.
The attack on DataPost was flagged on May 27 by infosecurity blog RedPacket Security and cybersecurity platform HookPhish.
The breach led to data exfiltration, or the unauthorised transfer of data, and appeared to involve multiple tools and personnel, suggesting a coordinated attack, according to RedPacket Security.
The threat group was identified as “direwolf”, and allegedly used various infostealers – or malicious software that breaches computer systems – to gather the data.
CNA has contacted DataPost for further comment on the scale and severity of the attack.
INCOME INSURANCE COMPROMISED
In its statement, Income Insurance said that it was alerted to the incident on Sunday.
The compromised data included information such as names, postal addresses, policy numbers and plans, and annual bonuses for the year 2024.
Upon being notified, the insurer immediately suspended all printing jobs with DataPost. The company also blocked connections to DataPost and reinforced firewall restrictions.
Income Insurance said it was on “heightened alert” to monitor for any suspicious activity, and is reaching out to all policy holders who might have been impacted by the breach, the company said.
It added that there is currently no evidence of unauthorised access to any of its digital platforms and that it will “work closely” with both relevant authorities and DataPost to assess the full impact of the incident.
The insurer’s CEO Andrew Yeo said that protecting the privacy and security of policy holders’ personal information was of “utmost importance”.
“We believe in informing our policy holders promptly and empathise with the concern this incident may cause,” he said, adding that the company will continue to provide updates as more information becomes available.
DataPost provides e-invoicing services to financial institutions, insurance companies, telecommunication companies and government agencies in Singapore and Malaysia.
It handles over 40 million documents per month, according to its website.
The company said its facilities are audited annually by banks and third-party auditors to ensure compliance with data security and operational security requirements.
Singapore’s Infocomm Media Development Authority (IMDA) has accredited DataPost as the service provider for InvoiceNow, a nationwide e-invoicing network.
Through InvoiceNow, companies can transmit e-invoices in a standard digital format across different finance systems.
DataPost told CNA that it will comply with all regulatory obligations throughout the course of the investigation.
“We take the security of our data very seriously and will continue to take all necessary steps to address this situation,” it said.
