Frequently Asked Questions

A third-party file sharing system provided by Accellion called FTA has been illegally accessed through a zero-day vulnerability or previously unknown vulnerability. Singtel uses this system to share information internally as well as with external stakeholders and organisations. Other customers of this Accellion system were similarly impacted. The system has been taken offline. Singtel has commenced a detailed forensic and criminal investigation involving cyber security experts, the Cyber Security Agency of Singapore and the Police.

After Accellion first informed us of the vulnerability on 23 December, we had in a timely manner, made a series of patches they provided to plug the vulnerability – the first patch was applied on 24 December and the second and last patch was applied on 27 December. There were no patches issued by Accellion since. On 23 January, Accellion issued another advisory citing a new vulnerability which the 27 December patch was not effective against and we immediately took the system offline. On 30 January, Accellion provided another patch for the new vulnerability which triggered an anomaly alert when we tried to apply it. Accellion informed thereafter that our system could have been breached and this had likely occurred on 20 January. We continued to keep the system offline and activated cyber and criminal investigations which has confirmed the 20 January date. Given the complexity of the investigations, it was only confirmed on 9 February that files were taken.

Singtel has suspended all use of the system and commenced a detailed forensic and criminal investigation involving cyber security experts, the Cyber Security Agency of Singapore and the Police. Based on investigations and analysis conducted so far, we have established which files on the Accellion FTA system were accessed illegally during the breach and which stakeholders have been impacted. We are moving with urgency to reach out to all affected individual and corporate customers to keep them supported on how best to manage the variable risks involved. We are conducting a thorough review of our processes and our file sharing protocols to further enhance our information security posture. Ensuring information is safe and secure remains a top priority.

This is an isolated incident involving a standalone third-party system. Our core functions and operations are unaffected and remain sound.

We have suspended all use of the system. We remain committed to ensuring information is safe and secure.

The FTA file sharing system was still a current product offered and supported by Accellion which only announced its end of life (effective 30 April 2021) on 28 January 2021.

It was unfortunate that the attack occurred while we were conducting a review to upgrade or replace the product and despite promptly updating the vulnerability patches provided by Accellion, the patches failed.

Given the complexity of the investigations, it has taken time to make an impact assessment. We have worked with the utmost urgency to ascertain the nature and extent of data that has been accessed. Based on investigations and analysis conducted so far with the help of cyber security experts, we are reaching out to affected stakeholders to keep them supported on how best to manage the variable risks involved.

We will notify affected individuals, either via email or post. And we will be in contact with the relevant representatives from affected enterprises.

We are conducting a thorough review of our processes. We will be evaluating our file sharing protocols to further enhance our information security posture. We remain committed to ensuring information is safe and secure.

Based on our investigations and analysis to date, the following is the exfiltrated data:

• Personally Identifiable Information of approximately 129,000 customers containing NRIC and some combination of the following information: name, date of birth, mobile number, address 
• Bank account details of 28 former Singtel employees  
• Credit card details of 45 staff of a corporate customer with Singtel mobile lines
• Some information from 23 enterprises including suppliers, partners and corporate customers

For security reasons, we are not able to provide details. We are reaching out to affected enterprises and assisting them in managing potential risks.

We will notify affected customers, either via email or post, about what personal details were accessed and how best they can manage the variable risks involved.

We will be in contact with the relevant representatives from affected enterprises to let them know what data has been compromised and how best to mitigate the risks involved.

If your information has been accessed illegally, we recommend you take the following steps to guard against potential risks:

• Do not use your personal information in your password and change your passwords regularly
• Set your password in a way that makes it very hard for people to associate with you (e.g., strong or complex password made up of alphanumeric characters and symbols)
• Stay vigilant against phishing attempts and monitor for any suspicious activity
• Never share your One-Time Password (OTP) with anyone, even your family members

Singtel will never ask you to disclose your password.

If you have been personally notified that your credit card or bank details have been compromised, we recommend you take additional steps to prevent misuse of this information:

• Check for any fraudulent activities and transactions on your credit card
• Inform the bank which issued your credit card that the details might have been compromised
• Immediately terminate and replace your credit card
• Cease using affected credit card number for your own transactions

To help affected individual customers manage potential risks, we have organised a complimentary 12-month IdentityForce monitoring service provided by Sontiq Inc, a leading global data and information service provider with over 40 years of experience and an award-winning track record,. This service monitors the web, social networks and public databases and notifies users of any unusual activity related to their personal information.

Affected individual customers will be informed on how to sign up for the service either via email or post. As this service will be provided by Sontiq Inc directly to you, please note Singtel's customer service officers will not be contacting you to see if you want to set up the service.

Singtel will be providing details on how to sign up for the identity monitoring service. Please note - this would be an opt-in service for individual customers affected by the breach. As this is a complimentary service, you do not have to provide any payment information at sign-up and the identity monitoring service will be automatically terminated at the end of the 12-month term.

Singtel’s customer service officers will not be contacting you to see if you want to set up the service. If you are contacted by any caller claiming to be from Singtel or our security company and offering you identity monitoring services, please hang up immediately. This is a scam call. Do not provide any details to callers soliciting your information for this purpose.

The IdentityForce identity monitoring service monitors the web, social networks and public databases on your behalf 24/7, looking for your details to immediately detect theft, loss or disclosure of your vital personal and financial information. If your information is found, you will be alerted instantly and given help and advice on what to do next to protect yourself from fraud.

Please note that you need to sign up for this complimentary service to activate it. The details on how to enrol are enclosed in our email or letter to affected individual customers.