The personal data of approximately 80,000 MyRepublic mobile subscribers was accessed without authorization last month.
The Singaporean communications services provider released a statement on Friday (September 10) claiming that the breach took place on August 29 via a third-party data storage platform used to store customer data.
The unauthorized access reportedly affected 79,388 mobile subscribers based in Singapore. The customer data contained personal information, including scanned copies of NRICs, proof of residential address documents and names and mobile numbers.
MyRepublic added that there is no reason to believe other sensitive data, such as payment information, was breached. The communications service provider has since secured and contained the incident.
The telco stressed that the unauthorized access had no operational impact on its services. Nevertheless, it has informed the Infocomm Media Development Authority and the Personal Data Protection Commission of the incident.
MyRepublic also activated its cyber incident response team, comprising a group of external expert advisors to work closely with its internal IT and Network teams.
“We are disappointed with what has happened, and I would like to personally apologize for any inconvenience caused,” said MyRepublic chief executive officer Malcolm Rodrigues.
MyRepublic said that it would give all affected customers a complimentary credit monitoring service through Credit Bureau Singapore (CBS), which will monitor their credit report and notify them when any suspicious activity occurs.
Rodrigues added: “We are reviewing all our systems and processes, both internal and external, to ensure an incident like this does not occur again.”