Company says there has been no system compromise
UPDATED The personal data of more than 57,000 StarHub customers has been exposed in a data breach disclosed by the Singaporean telco.
StarHub’s cybersecurity team discovered the data on July 6 in a file that had been “illegally uploaded” to “a third-party data dump website”, according to a data breach alert published by StarHub on Friday (August 6).
The data file in question comprised “identity card numbers, mobile numbers, and email addresses belonging to 57,191 individual customers who had subscribed to StarHub services before 2007,” said StarHub.
The company emphasized that “no credit card or bank account information is at risk”.
StarHub added that “there is no indication that any data in this document has been maliciously misused”.
The telco – one of three major Singaporean telecommunications providers along with Singtel and M1 – said its IT systems and databases had not been compromised.
Upon finding the file, StarHub said it “activated an incident management team” and “attempted to have the document removed from the data dump site”.
It was also “working closely with cybersecurity experts and the relevant authorities”, and reviewing “existing security measures to protect core infrastructure and systems”.
Victims are being notified via email and being offered six months of complimentary credit monitoring, a process StarHub said it expected to conclude within 14 days.
“Data security and customer privacy are serious matters for StarHub, and I apologise for the concern this incident may be causing our affected customers,” said StarHub CEO Nikhil Eapen.
“We have made substantial cybersecurity investments over the years, shoring up our cyber defences, and we will continue to stay vigilant in safeguarding our infrastructure and IT systems against cyber threats.”
He added: “We assure our customers that StarHub will continue to take all protection measures to ensure their information is safe with us.”
A spokesperson for StarHub told The Daily Swig: “We would like to reiterate that we have investigated and verified the integrity of our network infrastructure, and that no StarHub information systems nor customer database are compromised. We are continuing to investigate the incident with the assistance of a leading cybersecurity firm, as well as working with the relevant authorities.”
News of the data leak follow’s last month’s announcement by StarHub that it was giving away two-year rentals of its StarHub TV+ Box media player worth S$120 (US$88) to customers who hand in pirated set-top boxes.
Correction: The article strapline originally, and incorrectly, stated that StarHub said the data breach was “unrelated to [a] previous system compromise”. The company reiterated that there was no previous system compromise. The article was corrected accordingly on August 10. Additional comments from StarHub were also added.