SINGAPORE: A ransomware attack on a printing vendor has led to the extraction of customer information from DBS Bank and Bank of China, Singapore.
The attack was reported by Toppan Next Tech (TNT) to the Personal Data Protection Commission on Sunday evening (Apr 6), the Cyber Security Agency of Singapore (CSA) and the Monetary Authority of Singapore (MAS) said on Monday.
"The attack has led to customer information from DBS Bank and Bank of China Limited, Singapore branch, being extracted by the threat actor. No customer log-in information has been compromised," said the authorities.
DBS said that it was informed by TNT of the incident at about 10.20pm on Saturday.
"Based on preliminary investigations, customer statements/letters of about 8,200 DBS customers have been potentially compromised. The majority of these statements/letters relate to DBS Vickers accounts.
"The remainder is made up of mainly Cashline loan accounts. Investigations into the incident are ongoing," said the bank.
DBS added that its systems were not compromised.
"Customers' deposits and monies remain safe. So far, there is also no evidence of any unauthorised DBS transactions resulting from the incident."
The bank said TNT's preliminary review indicated that the potentially compromised statements and letters were those largely sent to individual customers.
They were dated December 2024, January 2025 and February 2025.
DBS said that it sends customer statements and letters to TNT for printing in encrypted files.
"As investigations are still ongoing, it is not known if the threat actor was able to decrypt the files.
"Customer data in the statements/letters that could have potentially been compromised include first and last name, postal address, as well as details relating to equities held under DBS Vickers and Cashline loans," it said, noting that the documents do not contain login credentials, passwords, NRIC details, deposit balances or total wealth holdings.
While the incident did not occur within DBS’ systems, the bank said it takes the matter seriously and is contacting potentially affected customers as a matter of priority.
Impacted customers who have registered their email addresses with the bank will be informed by Tuesday.
Where DBS does not have the customer’s email details, the customer will be informed by physical mail.
Upon being notified of the incident, DBS immediately halted all printing jobs with TNT and heightened surveillance to monitor any suspicious or unusual account activity.
CSA is aiding TNT in their investigations and is advising them on containment measures.
MAS is in “close engagement” with the affected banks on their risk mitigating measures and follow-up with customers.
“The impacted banks have placed the relevant accounts on enhanced monitoring, and are contacting affected customers as a matter of priority,” said CSA and MAS.
As ransomware threats are increasing in frequency and sophistication, CSA advised organisations to refer to the agency’s advisory for prevention and mitigation measures.
Continue reading...
The attack was reported by Toppan Next Tech (TNT) to the Personal Data Protection Commission on Sunday evening (Apr 6), the Cyber Security Agency of Singapore (CSA) and the Monetary Authority of Singapore (MAS) said on Monday.
"The attack has led to customer information from DBS Bank and Bank of China Limited, Singapore branch, being extracted by the threat actor. No customer log-in information has been compromised," said the authorities.
DBS said that it was informed by TNT of the incident at about 10.20pm on Saturday.
"Based on preliminary investigations, customer statements/letters of about 8,200 DBS customers have been potentially compromised. The majority of these statements/letters relate to DBS Vickers accounts.
"The remainder is made up of mainly Cashline loan accounts. Investigations into the incident are ongoing," said the bank.
DBS added that its systems were not compromised.
"Customers' deposits and monies remain safe. So far, there is also no evidence of any unauthorised DBS transactions resulting from the incident."
The bank said TNT's preliminary review indicated that the potentially compromised statements and letters were those largely sent to individual customers.
They were dated December 2024, January 2025 and February 2025.
DBS said that it sends customer statements and letters to TNT for printing in encrypted files.
"As investigations are still ongoing, it is not known if the threat actor was able to decrypt the files.
"Customer data in the statements/letters that could have potentially been compromised include first and last name, postal address, as well as details relating to equities held under DBS Vickers and Cashline loans," it said, noting that the documents do not contain login credentials, passwords, NRIC details, deposit balances or total wealth holdings.
While the incident did not occur within DBS’ systems, the bank said it takes the matter seriously and is contacting potentially affected customers as a matter of priority.
Impacted customers who have registered their email addresses with the bank will be informed by Tuesday.
Where DBS does not have the customer’s email details, the customer will be informed by physical mail.
Upon being notified of the incident, DBS immediately halted all printing jobs with TNT and heightened surveillance to monitor any suspicious or unusual account activity.
CSA is aiding TNT in their investigations and is advising them on containment measures.
MAS is in “close engagement” with the affected banks on their risk mitigating measures and follow-up with customers.
“The impacted banks have placed the relevant accounts on enhanced monitoring, and are contacting affected customers as a matter of priority,” said CSA and MAS.
As ransomware threats are increasing in frequency and sophistication, CSA advised organisations to refer to the agency’s advisory for prevention and mitigation measures.
Continue reading...