Security News > 2021 > August > Singaporean telco leaked personal data of over 57,000 customers
Singapore cable, internet and mobile phone provider StarHub is in the process of notifying 57,191 customers via email that they are victims of a cyber attack that leaked national identity card numbers, mobile numbers and email addresses.
The data breach was discovered on July 6 but was not announced until August 6th. StarHub told The Register via email that the company suspects the stolen data file was found within a day of it being uploaded to the third-party web site.
Singapore's Personal Data Protection Act 2012 sets out the law on data protection in Singapore.
According to one Singapore-based media lawyer The Register spoke to, the PDPA is a serious regulation but is considered less strict than Europe's GDPR. The PDPA specifically requires organizations to notify the Personal Data Protection Commission within three days of an assessment if the breach affects more than 500 individuals or is likely to result in significant harm.
Although the time from discovery of the incident on July 6 to announcement of the leak was one month, and the timeline from incident to completion of notifying all victims on August 20th is more than six weeks, StarHub told The Register that the organization is in compliance with the PDPA. "StarHub notified our affected customers progressively from 6 August 2021, in accordance with Section 26D of Singapore's Personal Data Protection Act 2012," StarHub corporate communications assistant veep Cassie Fong told The Reg.
StarHub's advisory for customers details the breach and advises the use of regularly-updated strong passwords that do not include personal information.