- MyRepublic
Singapore, 10 September 2021 – MyRepublic Singapore announced today that it discovered an unauthorised data access incident on 29 August 2021, and has moved to support its customers in mitigating any possible risk. The unauthorised data access took place on a third-party data storage platform used to store the personal data of MyRepublic’s mobile customers. The unauthorised access to the data storage facility has since been secured, and the incident has been contained. MyRepublic has notified the Infocomm Media Development Authority and the Personal Data Protection Commission of the issue, and will continue to cooperate with those authorities. MyRepublic has also activated its cyber incident response team, which includes a team of external expert advisors such as KPMG in Singapore, to work closely with MyRepublic’s internal IT and Network teams to resolve the incident. “The privacy and security of our customers are extremely important to us at MyRepublic. Like you, we are disappointed with what has happened, and I would like to personally apologise for any inconvenience caused,” said Malcolm Rodrigues, CEO, MyRepublic. “My team and I have worked closely with the relevant authorities and expert advisors to secure and contain the incident, and we will continue to support our affected customers every step of the way to help them navigate this issue.” Based on MyRepublic’s investigation, the unauthorised access affects 79,388 mobile subscribers based in Singapore. The affected data storage platform contained identity verification documents related to customer applications for mobile services, including:
- For affected Singapore citizens, permanent residents and employment and dependent pass holders — scanned copies of both sides of NRICs;
- For affected foreigners — proof of residential address documents e.g. scanned copies of a utility bill; and
- For affected customers porting an existing mobile service — name and mobile number.