128,000 borrowers’ data stolen after breach of third-party system used by S’pore licensed lenders
Source: Straits Times
Article Date: 26 Jul 2024
Author: Aqil Hamzah
The clients have had their “personal identifiable information” stolen, said the Ministry of Law in a statement on July 25.
The data of about 128,000 borrowers linked to a dozen licensed moneylenders was compromised after hackers breached the system of third-party IT vendor Ezynetic that hosted the information.
The clients had their “personal identifiable information” stolen, said the Ministry of Law in a statement on July 25.
The 12 moneylenders are Ban King Credit, Credit 21, Lending Bee, Katong Credit, Credit Thirty3, GS Credit, 1AP Capital, Creditmaster, BST Credit, U Credit, Horison Credit and Credit Matters.
The ministry said the moneylenders have started to inform borrowers of the breach, reminding them to stay vigilant against possible phishing scams.
Ezynetic and the moneylenders have filed reports with the police, the Cyber Security Agency of Singapore and the Personal Data Protection Commission.
A total of 20 firms made use of Ezynetic’s services but eight were unaffected, the statement said, adding that the third-party system is neither hosted on nor linked to the Government’s network.
To prevent any further breaches, the Credit Bureau Singapore (CBS) has restricted access to the Moneylenders Credit Bureau platform for all 20 firms that use Ezynetic’s services.
The platform, which functions as a central repository of data, hosts the loan and repayment records of all borrowers of every single licensed moneylender in Singapore.
Stressing that it takes a serious view of the data breach, the Ministry of Law said licensed moneylenders have a duty to protect any information in its possession or control, including those residing on third-party vendor systems.
Meanwhile, CBS said in a separate statement on July 25 that its Moneylenders Credit Bureau platform had not been compromised, refuting media reports that its centralised platform had been hacked.
The media reports claimed that a hacker group known as GhostR had obtained data from the platform on June 14 and would release “the credit bureau reports” of every borrower in Singapore.
However, CBS said the data breach affected only a third-party vendor engaged by some licensed moneylenders and it has determined that its central platform remains secure.
“We would like to assure the public that all personal data residing with the Moneylenders Credit Bureau database is safe and secure,” CBS added.
Concerned customers can call the Moneylenders Credit Bureau hotline on 6335-5897 or e-mail [email protected]
Source: Straits Times © SPH Media Limited. Permission required for reproduction.
46