Based on investigations and analysis conducted so far with the help of cyber security experts, the company established which files were accessed illegally during the breach and which stakeholders have been impacted.
“While this data theft was committed by unknown parties, I’m very sorry this has happened to our customers and apologise unreservedly to everyone impacted,” Singtel’s Group CEO Yuen Kuan Moon said in a statement late on Wednesday.
“Data privacy is paramount, we have disappointed our stakeholders and not met the standards we have set for ourselves,” he added.
Ironically, personal data of at least 26 lakh Airtel users — nearly all belonging to Jammu and Kashmir — was hacked and were being sold for $3500 in Bitcoin on the web, a claim that the company denied. The data of Airtel customers contained telephone numbers, addresses, Aadhaar numbers and other details.
In the case of Singtel, the data taken includes consumer information containing varying combinations of personally identifiable information.
Twenty-three enterprises have also been impacted. These include suppliers, partners and corporate customers.
“Given the complexity and sensitivity of our investigations, we are being as transparent as possible and providing information that is accurate to the best of our knowledge. We are doing our level best to keep our customers supported in mitigating the potential risks,” the Singtel CEO said.
A large part of the leaked data includes Singtel’s internal information that is non-sensitive such as data logs, test data, reports and emails.
Singtel has begun notifying all affected individuals and enterprises to help them and their staff manage the possible risks involved and take appropriate follow-up action.
“I want to emphasise that our core operations and functions remain unaffected and sound and this incident involves a standalone system provided by a third-party vendor”.
Te data theft includes bank account details of 28 former Singtel employees, credit card details of 45 staff of a corporate customer with Singtel mobile lines and some information from 23 enterprises.
According to Sonit Jain, CEO of GajShield Infotech, even though many enterprises may feel that they have robust security, they should not lose sight of data security.
“It requires deep visibility of contextual data which flows out of your organisation boundaries to understand the violations and data security health of your organisation. It should become mandatory for all organisation to not only report a breach, but also come out with details on how their data where breached,” Jain said in a statement.
Singtel said it is moving with urgency to reach out to all affected individual and corporate customers to keep them supported on how best to manage the variable risks involved.
“We are also appointing a global data and information service provider, to provide identity monitoring services at no cost to affected customers to help them manage potential risks,” the company said.