AXA data protection chief Eric Lelyon sent an email to customers saying email addresses, cellphone numbers, insurance policy account numbers and dates of birth of current and previous customers had been hacked from its “Our Health Portal”.
Other personal data, including names, National Registration Identity Card details, addresses, bank details, health information, claims histories and the marital status of customers was secure, Lelyon announced.
He told customers that “no further action” was required from those customers affected as the hacked information was “not likely to, on its own, expose you to identity theft”.
But customers were warned to watch out for online scams as a consequence.
“In the unlikely event you feel that you may have inadvertently disclosed personal data as a result of a phishing attempt in the last few months, it is possible that this could be connected to this hacking incident, and if so, we urge you to file a police report. We also request that you reach out to us to let us know the details,” the email said.
Security specialist Gavin Chow at cyber solutions firm Fortinet said hackers might pretend to be from AXA or another commercial organisation to trick customers into revealing their ebanking log-in details or passwords.
Phishing, as it is called, can use email, texts or online messaging services like WhatsApp, through email and mobile numbers.
Cyber criminals could also try to deceive AXA customers into installing malware into their computers or cellphones, enabling hackers to steal one-time passwords sent via text to make fraudulent financial transactions.
“If anyone is using their birth dates as passwords, change it now,” warned Chow.
Singapore’s privacy commission, the Personal Data Protection Commission, said it had launched an investigation and that it understood AXA had addressed a vulnerability in its system.
The Singapore Cyber Security Agency said the incident was a reminder that firms which collected customer data were an attractive target for cyber crime.
“Hence, companies need to make the appropriate risk assessment, prioritise cybersecurity and adopt proactive measures to better protect themselves against cyber attacks,” an agency spokesman said.
Last year, data from 7,794 Aviva policyholders and their dependents was compromised when a printing firm, Toh-Shi Printing Singapore, sent out erroneous annual premium statements, leading to a fine of S$25,000 from the Singapore authorities.
Singapore’s technological advances make it more vulnerable to cyberattacks. Picture credit: Wikimedia