DBS’ Printing Vendor Hit by Ransomware Attack

DBS Bank’s Customer Information Compromised in Ransomware Attack

Ransomware Attack on DBS Vendor Compromises Customer Information

About 8,200 customers of DBS Bank, as well as those of the Bank of China’s Singapore branch, may have had their customer information compromised after one of the bank’s printing vendors, Toppan Next Tech (TNT), was hit by a ransomware attack.

Incident Details

On Monday night (Apr 7), DBS Bank said it was informed by TNT, one of its vendors for the printing of customer statements and letters, on Apr 5 at 10.21 pm that it had been a victim of a ransomware attack.

The majority of the compromised statements and letters relate to accounts under the bank’s brokerage arm, DBS Vickers. The remaining statements mainly consist of Cashline loan accounts.

Customer Information Compromised

The bank said that customer data in the statements and letters that could have potentially been compromised include first and last name, postal address, as well as details relating to equities held under DBS Vickers and Cashline loans.

However, it noted that the statements and letters do not contain log-in credentials, passwords, NRIC details, deposit balances or total wealth holdings.

DBS Systems Not Compromised

DBS said its systems were not compromised by the ransomware attack and that customers’ deposit and monies "remain safe". There is no evidence of any unauthorized DBS transactions resulting from the incident so far.

Investigation and Response

In a separate joint statement released on Monday night, the Cyber Security Agency of Singapore (CSA) and the Monetary Authority of Singapore (MAS) said they were aware of a ransomware attack reported by TNT to the Personal Data Protection Commission on the evening of Apr 6.

"The attack has led to customer information from DBS Bank and Bank of China Limited, Singapore branch, being extracted by the threat actor," both agencies said. No customer log-in information was compromised.

Contact with Affected Customers

DBS said it will be contacting potentially affected customers "as a matter of priority", with impacted customers who have registered their e-mail address with the bank to be informed by Tuesday. Should the bank not have the customer’s e-mail details, it will inform these individuals through physical mail sent directly from the bank on Tuesday.

Response from DBS and Regulators

DBS said it immediately halted all printing jobs with TNT to protect its customers, and ramped up surveillance to monitor any suspicious or unusual activity on potentially impacted accounts. CSA said it was aiding TNT in their investigations and advising them on containment measures. Meanwhile, MAS said it is closely engaging affected banks on their risk mitigating measures and follow-up with customers.

Conclusion

The incident highlights the increasing threat of ransomware attacks on organizations, and the need for robust cybersecurity measures to prevent and mitigate such incidents.

Frequently Asked Questions (FAQs)

Q: Who were affected by the ransomware attack?
A: About 8,200 customers of DBS Bank, as well as those of the Bank of China’s Singapore branch, may have had their customer information compromised.

Q: What information was potentially compromised?
A: First and last name, postal address, and details relating to equities held under DBS Vickers and Cashline loans.

Q: Were DBS systems compromised?
A: No, DBS systems were not compromised by the ransomware attack.

Q: Will customers’ deposit and monies be affected?
A: No, customers’ deposit and monies "remain safe".

Q: How will affected customers be informed?
A: DBS will contact potentially affected customers "as a matter of priority", either by email or physical mail.

Q: What is being done to prevent and mitigate similar incidents in the future?
A: DBS has halted all printing jobs with TNT, and is ramping up surveillance to monitor any suspicious or unusual activity on potentially impacted accounts.