In a media statement on Thursday, Singtel said it was informed by third-party vendor Accellion that its file sharing system FTA (File Transfer Appliance) was “illegally attacked by unidentified hackers”.
FTA is a standalone system used to share information internally and with external stakeholders, said Singtel.
“Accellion has informed that this incident is part of a wider concerted attack against users of their file sharing system,” the Channel News Asia reported quoting Singtel release.
“Customer information may have been compromised. Our priority is to work directly with customers and stakeholders whose information may have been compromised to keep them supported and help them manage any risks.
“We will reach out to them at the earliest opportunity once we identify which files relevant to them were illegally accessed,” said Singapore Exchange-listed Singtel.
The company has since suspended the use of the system, it added. It has also started investigations, and is working closely with cyber security experts and relevant authorities, including the Cyber Security Agency of Singapore.
In a press release, Accellion said it has patched all known vulnerabilities exploited by the hackers and added new monitoring and alerting capabilities to flag anomalies associated with the attack vectors.
Singtel said the breach was an isolated incident involving the third-party system, and that its core operations remain “unaffected and sound”.
“We have since suspended all use of the system and activated investigations, working closely with cyber-security experts and the relevant authorities, including the Cyber Security Agency of Singapore, which is providing additional guidance,” The Straits Times quoted the telco as saying.