Singapore: A third-party IT vendor was hacked and the personal information of approximately 128,000 lender customers was stolen.
The Ministry of Justice (MinLaw) said on Thursday (25 July) that the data breach involved borrower data from 12 licensed lenders using the services of affiliated third-party IT vendor Ezynetic. acknowledged.
Minro, the licensed lender regulator, said Ezynetic's system is not hosted on or linked to government networks.
The ministry added that Ezynetic's systems were “accessed by a malicious actor” and data containing “personally identifiable information” was compromised.
In response to a CNA inquiry, Minro said the compromised data included borrowers' names, NRIC numbers and loan information.
“The data is posted on multiple sites. Affected borrowers are advised to be wary of phishing and other fraudulent activities using compromised data,” the ministry said.
The 12 lenders are Ban King Credit, Credit 21, Lending Bee, Katong Credit, Credit Thirty3, GS Credit, 1AP Capital, Creditmaster, BST Credit, U Credit, Horizon Credit, and Credit Matters.
The lender and Ezynetic filed a report with the police, the Cyber Security Authority of Singapore (CSA) and the Personal Data Protection Commission (PDPC).
Minroe said they have begun notifying borrowers about the breach and reminding them to remain vigilant for potential phishing scams.
Eight other licensed lenders using Ezynetic's services were not affected.
As a containment measure, the Credit Bureau of Singapore (CBS) restricted access to the platform of all 20 licensed lenders served by Ezynetic.
Credit Bureau Singapore is the designated credit bureau that operates the Moneylenders Credit Bureau (MLCB) platform, a central repository of data on the loan and repayment records of borrowers of all licensed money lenders in Singapore.
MLCB's online functionality remains fully available to Singapore's other 133 licensed lenders. Borrowers with questions can contact their respective licensed lender for more information.
The ministry said it takes the data breach seriously.
“Licensed lenders have a duty to protect any information in their possession or control, including information that resides on third-party vendor systems.”
“MinLaw is investigating this matter with CSA and PDPC. MinLaw is also in close contact with the Credit Bureau of Singapore to assist affected licensed lenders in their business recovery efforts.”
