80,000 MyRepublic mobile users' data exposed by breach

MyRepublic data breach: 80,000 mobile users' personal data exposed
Staff Writer, Singapore
Staff Writer, Singapore·Editorial Team
Fri, September 10, 2021, 7:32 AM·2 min read
PHOTO: Screenshot
PHOTO: Screenshot
SINGAPORE — The personal data of about 80,000 MyRepublic mobile subscribers was accessed without authorisation last month.

The telco said in a media release on Friday (10 September) that the breach took place on 29 August on a third-party data storage platform used to store the personal data of its mobile customers.

Investigations showed that the unauthorised access affected 79,388 mobile subscribers based in Singapore. The data storage platform contained personal data related to customer applications for mobile services, including:

For affected Singaporeans, permanent residents and employment/dependent pass holders: scanned copies of both sides of NRICs;

For affected foreigners: proof of residential address documents, such as scanned copies of a utility bill;

For affected customers porting an existing mobile service: name and mobile number.

MyRepublic said there was no indication that other personal data, such as account or payment information, was affected. The unauthorised access to the data storage facility has since been secured, and the incident has been contained.

The telco stressed that its own systems were not compromised and there was no operational impact on its services. It has nonetheless notified the Infocomm Media Development Authority and the Personal Data Protection Commission of the issue.

It has also activated its cyber incident response team, which includes a team of external expert advisors such as KPMG in Singapore, to work closely with its internal IT and Network teams to resolve the incident.

Affected customers to get offer for credit monitoring service
MyRepublic said that it will provide all affected customers with an offer to take up a complimentary credit monitoring service through Credit Bureau Singapore (CBS), which will monitor their credit report and alert them of any suspicious activity.

"We are disappointed with what has happened, and I would like to personally apologise for any inconvenience caused,” said MyRepublic chief executive officer Malcolm Rodrigues.

"We are reviewing all our systems and processes, both internal and external, to ensure an incident like this does not occur again.”

Customers may reach out to MyRepublic if they have any further questions or concerns.