Singapore — Singapore Telecommunications (Singtel) released a press statement on Thursday (Feb 11), saying that the file-sharing system of one of its third-party vendors, Accellion, had been hacked.
The company said that Accellion’s file-sharing system, called FTA, is a standalone system used to share information within the company as well as with external stakeholders.
The Singtel statement follows a statement by Accellion on Feb 1 that all the FTA customers had been informed of the breach on Dec 23, 2020.
Accellion, a cloud solutions firm based in California, told Singtel that the hack had been “part of a wider concerted attack against users of their file-sharing system”.
Singtel says it has since stopped using FTA and launched investigations into the matter, “working closely with cybersecurity experts and the relevant authorities, including the Cyber Security Agency of Singapore, which is providing additional guidance”.
The company is still carrying out an impact assessment on the breach “with the utmost urgency to ascertain the nature and extent of data that has been potentially accessed”.
However, it warned that customer information may have been compromised.
“Our priority is to work directly with customers and stakeholders whose information may have been compromised to keep them supported and help them manage any risks. We will reach out to them at the earliest opportunity once we identify which files relevant to them were illegally accessed,” Singtel added.
It also called the breach an isolated incident and issued an assurance that its “core operations remain unaffected and sound”.
The incident occurred late in 2020.
Accellion added in its latest statement that it “has patched all known FTA vulnerabilities exploited by the attackers and has added new monitoring and alerting capabilities to flag anomalies associated with these attack vectors”.
Mr Frank Balonis, the chief information security officer at Accellion, said: “We have encouraged all FTA customers to migrate to kiteworks for the last three years and have accelerated our FTA end-of-life plans in light of these attacks.”
Singtel is by not the only high-profile client of Accellion. The company’s customers include both government agencies and private firms including Deloitte, KPMG, Wirecard, the US Securities and Exchange Commission, NASA, Intel and the UK’s National Health Service.
SingTel’s parent company is Temasek Holdings.
/TISG
SingTel CEO takes 43 percent pay cut in 2018, still earns S$3.5 million