Customer Data Hacked, MyRepublic Singapore Apologizes

MyRepublic Singapore apologizes for the customer inconvenience. (photo credit: myrepublic)

JAKARTA - Singapore's MyRepublic state on Friday, September 10, that it had discovered an "unauthorized data access incident" affecting 79,388 subscribers.

The incident occurred on August 29 and affected Singapore-based MyRepublic mobile subscribers, said a source from a local telecommunications company.

"Unauthorized data access occurred on the third-party data storage platform used to store the personal data of MyRepublic mobile subscribers", it said in a statement.

According to the company, the Platform contains identity verification documents associated with customer applications.

This document includes scanned copies of both sides of the NRIC for affected customers who are Singaporeans, permanent residents or work permit holders and a dependent card.

For other affected foreigners, the data includes documents showing proof of residential address, such as a scanned copy of a utility bill.

For customers porting from existing cellular services, the data affected includes their names and phone numbers.

"There is no indication that other personal data, such as account or payment information, was affected", MyRepublic said. "Unauthorized access to the data storage facility has been secured, and the incident has been restricted".

It added that "no MyRepublic system was compromised and there was no operational impact on MyRepublic services".

MyRepublic CEO, Malcolm Rodrigues, said there was "no evidence" that any personal data had been misused. The company is already contacting customers who may be affected to provide them with support.

"We're also reviewing all of our systems and processes, both internal and external, to make sure something like this doesn't happen again", said Rodrigues.

All affected customers will be offered free credit monitoring services through the Singapore Credit Bureau, which will monitor their credit reports and notify them of any suspicious activity, the company said.

MyRepublic said it had notified the Infokom Media Development Authority and the Personal Data Protection Commission about the incident. They will cooperate with the authorities. They have also activated their cyber incident response team.

"The privacy and security of our customers is very important to us at MyRepublic. Like you, we are also disappointed by what has happened, and I would like to personally apologize for the inconvenience caused", said Rodrigues.