In a major data breach, personal information belonging to approximately 128,000 customers of licensed moneylenders in Singapore has been compromised following a cyberattack on a third-party IT vendor. The Ministry of Law (MinLaw) confirmed that the breach involved borrower data from 12 licensed moneylenders that utilize the services of Ezynetic, an IT vendor responsible for managing their data systems. This incident has resulted in the exposure of sensitive information, including names, NRIC numbers, and loan details.
Ezynetic’s system, which operates independently of the government’s network, was accessed by malicious actors, leading to the unauthorized extraction and distribution of personal identifiable information. According to MinLaw, the compromised data has been found on several websites, raising concerns about potential misuse. In response, the affected borrowers have been urged to remain vigilant for phishing attempts and other scams exploiting the stolen data.
The 12 affected moneylenders, including Ban King Credit, Credit 21, and Lending Bee, have reported the breach to the police, the Cyber Security Agency of Singapore (CSA), and the Personal Data Protection Commission (PDPC). They have also initiated notifications to their customers, advising them to be cautious and to monitor their personal information closely. Meanwhile, eight other licensed moneylenders that also use Ezynetic’s services were not impacted by the breach.
As a precautionary measure, Credit Bureau Singapore (CBS) has restricted access to Ezynetic’s platform for all 20 licensed moneylenders it supports. The Ministry of Law is closely investigating the breach in collaboration with the CSA and PDPC to ensure the security of affected organizations and to support their recovery efforts. MinLaw emphasizes the responsibility of licensed moneylenders to safeguard data, including that held by third-party vendors, underscoring the seriousness of the breach and its implications for data protection.
Reference:
