About 8,200 customers of DBS Bank – as well as 3,000 from the Bank of China’s Singapore branch – have had their customer information compromised after a printing vendor was hit by a ransomware attack.
Ransomware Attack Hits DBS Bank’s Printing Vendor
On Monday (Apr 7) night, DBS Bank said it was informed by Toppan Next Tech (TNT), one of its vendors for the printing of customer statements and letters, on Apr 5 at 10.21 pm that it had been a victim of a ransomware attack.
Compromised Information
The majority of the compromised statements and letters relate to accounts under the bank’s brokerage arm, DBS Vickers. The remaining statements mainly consist of Cashline loan accounts.
The bank said that customer data in the statements and letters that could have potentially been compromised include first and last name, postal address, as well as details relating to equities held under DBS Vickers and Cashline loans.
It noted that the statements and letters do not contain log-in credentials, passwords, NRIC details, deposit balances or total wealth holdings.
Bank’s Response
DBS Bank said it will be contacting potentially affected customers “as a matter of priority”, with impacted customers who have registered their e-mail address with the bank to be informed by Tuesday.
Should the bank not have the customer’s e-mail details, it will inform these individuals through physical mail sent directly from the bank on Tuesday.
CSA and MAS Joint Statement
In a separate joint statement released on Monday night, the Cyber Security Agency of Singapore (CSA) and the Monetary Authority of Singapore (MAS) said they were aware of a ransomware attack reported by TNT to the Personal Data Protection Commission on the evening of Apr 6.
“The attack has led to customer information from DBS Bank and Bank of China Limited, Singapore branch, being extracted by the threat actor,” both agencies said.
Conclusion
DBS Bank and the Bank of China have assured customers that their deposit and monies “remain safe” and that there is no evidence of any unauthorized DBS transactions resulting from the incident. The banks are taking steps to inform affected customers and are working with the relevant authorities to contain the situation.
FAQs
Q: How many customers were affected by the ransomware attack?
A: About 8,200 customers of DBS Bank and 3,000 customers of the Bank of China’s Singapore branch.
Q: What type of information was compromised?
A: First and last name, postal address, and details relating to equities held under DBS Vickers and Cashline loans.
Q: Are customer log-in credentials, passwords, or deposit balances affected?
A: No, the compromised statements and letters do not contain log-in credentials, passwords, NRIC details, deposit balances, or total wealth holdings.
Q: What is DBS Bank doing to inform affected customers?
A: The bank will be contacting potentially affected customers “as a matter of priority”, with impacted customers who have registered their e-mail address with the bank to be informed by Tuesday. If the bank does not have the customer’s e-mail details, it will inform these individuals through physical mail sent directly from the bank on Tuesday.
Afrikaans
Albanian
Amharic
Arabic
Armenian
Azerbaijani
Basque
Belarusian
Bengali
Bosnian
Bulgarian
Catalan
Cebuano
Chichewa
Chinese (Simplified)
Chinese (Traditional)
Corsican
Croatian
Czech
Danish
Dutch
English
Esperanto
Estonian
Filipino
Finnish
French
Frisian
Galician
Georgian
German
Greek
Gujarati
Haitian Creole
Hausa
Hawaiian
Hebrew
Hindi
Hmong
Hungarian
Icelandic
Igbo
Indonesian
Irish
Italian
Japanese
Javanese
Kannada
Kazakh
Khmer
Korean
Kurdish (Kurmanji)
Kyrgyz
Lao
Latin
Latvian
Lithuanian
Luxembourgish
Macedonian
Malagasy
Malay
Malayalam
Maltese
Maori
Marathi
Mongolian
Myanmar (Burmese)
Nepali
Norwegian
Pashto
Persian
Polish
Portuguese
Punjabi
Romanian
Russian
Samoan
Scottish Gaelic
Serbian
Sesotho
Shona
Sindhi
Sinhala
Slovak
Slovenian
Somali
Spanish
Sundanese
Swahili
Swedish
Tajik
Tamil
Telugu
Thai
Turkish
Ukrainian
Urdu
Uzbek
Vietnamese
Welsh
Xhosa
Yiddish
Yoruba
Zulu