Introduction

Parent organization of Australian telecom giant Optus, Singapore Telecommunications Limited said that it is currently investigating the impact of a possible security breach. SingTel says that the cybersecurity breach might have exposed and compromised customer data.

In a media statement, SingTel said that it was informed by Accellion, a third-party vendor that itsFile Transfer Appliance (FTA) has been attacked illegally by unidentified hackers. Accelion’s FTA is a standalone system which was used by SingTel to share data information internally and with external stakeholders, said the Singapore-based telco.

More on the SingTel security breach

Singapore Telecommunications says that customer information might have been compromised and it is their priority is to work directly with the affected customers and stakeholders whose data may have been compromised. SingTel says that it’ll reach out to the affected parties, keep them supported and help them manage risks at the earliest once they identify which files were illegally accessed.

The Singapore Exchange-listed Singtel says since the breach, the company suspended the use of the system. commenced investigations and is working closely with cyber security experts and other relevant authorities, like the Cyber Security Agency of Singapore, in order to get in control of the situation.

See Also: CSO Group awarded $16 million NSW government cybersecurity contract

The cyber attack on Accellion’ s FTA

The incident of SingTel cybersecurity breach is part of a wider attack against users of Accellion. In a press release dated 1st February 2021, the provider of enterprise content firewall Accellion, Inc. said that its FTA (a 20-year old product “nearing end-of-life” became the target of cyberattack.

All customers of FTA were promptly alerted about the attack. The vendor said that it patched all known vulnerabilities exploited by attackers in the FTA system and added new monitoring as well as alerting capabilities to flag unusual activities.

About 50 Accellion customers were affected by the attack. However, the company says that its vulnerabilities were limited just to FTA software and does not impact Kiteworks, its enterprise content firewall product. Kitework is Accellion’s product on which its most customers operate and stays unaffected as it was developed on a different security architecture and code base altogether, said Accellion.

In January 2021, the Australian Securities and Investments Commission (ASIC) became a victim of a similar cyber breach. The compromised information included data related to credit license applications. However, ASIC says the information was been viewed by the hackers and it didn’t appear like the data was downloaded. Being an Accellion customer, the Reserve Bank of New Zealand also suffered from a similar attack in early January 2021.

Conclusion

The security breach involving SingTel and its third-party vendor Accellion has led to potential exposure and compromise of customer data. SingTel has swiftly responded by suspending the affected File Transfer Appliance (FTA) system and working with cybersecurity experts to address the situation. The company is prioritizing the identification and support of affected customers while investigating the extent of the breach. This incident highlights the risks associated with using third-party vendors, especially legacy systems nearing their end of life, and underscores the importance of robust cybersecurity measures for protecting sensitive information.

FAQs

  1. What caused the SingTel security breach?
    The breach occurred due to an attack on Accellion’s File Transfer Appliance (FTA), a third-party system used by SingTel for sharing data internally and with external stakeholders.
  2. What type of data might have been compromised?
    SingTel has indicated that customer information might have been compromised. However, the full scope of the data breach has not yet been determined.
  3. What is SingTel doing to address the breach?
    SingTel has suspended the use of the affected system, launched an investigation, and is working with cybersecurity experts and relevant authorities, such as the Cyber Security Agency of Singapore, to manage the breach.
  4. How many customers were affected by the attack?
    SingTel has not specified the exact number of affected customers but is actively working to identify and support those whose data may have been compromised.
  5. Is the issue related to Accellion’s FTA system widespread?
    Yes, the attack on SingTel is part of a wider breach affecting about 50 customers of Accellion’s FTA system, including organizations such as the Australian Securities and Investments Commission (ASIC) and the Reserve Bank of New Zealand.
  6. What has Accellion done to address the breach?
    Accellion has patched the vulnerabilities exploited by the attackers, added new monitoring and alerting capabilities to the system, and reassured customers that their Kiteworks product remains unaffected by the breach.
  7. How will SingTel support affected customers?
    SingTel has committed to reaching out to affected customers, providing support, and assisting them in managing any risks associated with the breach.