06 August 2021
StarHub Mitigating Data Breach Incident, Starts Reaching Out to Affected Customers
Singapore, 6 August 2021 – StarHub announced today that on 6 July 2021 during a proactive online surveillance, its cybersecurity team discovered, on a third-party data dump website, an illegally uploaded file, containing limited types of personal information related to certain individual customers. The personal data appears to be around 14 years old. No credit card or bank account information is at risk and no StarHub information systems or customer database are compromised. At this time, there is no indication that any data in this document has been maliciously misused.
StarHub is treating this incident seriously and swiftly implemented the following actions from 6 July 2021 to protect customers’ interests:
- Activated an incident management team to assess and contain the situation
- Engaged a team of leading digital forensic and cybersecurity experts to launch an investigation
- Attempted to have the document removed from the data dump site
- Took immediate and appropriate actions to review existing security measures to protect core infrastructure and systems
Based on investigations to-date, the data file comprises identity card numbers, mobile numbers, and email addresses belonging to 57,191 individual customers who had subscribed to StarHub services before 2007.
“Data security and customer privacy are serious matters for StarHub, and I apologise for the concern this incident may be causing our affected customers. We will be transparent and will keep our customers updated. We will provide support to those affected,” said Nikhil Eapen, Chief Executive Officer of StarHub.
StarHub is working closely with cybersecurity experts and the relevant authorities on this matter. The company is also progressively notifying affected customers via email and assisting to safeguard their identity and personal information by offering six months of complimentary credit monitoring service through Credit Bureau Singapore. This process is expected to complete within the next 14 days. StarHub encourages the affected customers to sign up for this service after receiving its email notification, although there is no evidence to-date that the said data has been used inappropriately. To find additional information on this incident, customers can go to www.starhub.com/info-security.
“Ensuring security is a key area we constantly work on for our customers. We have made substantial cybersecurity investments over the years, shoring up our cyber defences, and we will continue to stay vigilant in safeguarding our infrastructure and IT systems against cyber threats. We also work closely with the regulators on an integrated cyber posture that protects not only StarHub but our retail and enterprise customers as well. We assure our customers that StarHub will continue to take all protection measures to ensure their information is safe with us. We are actively reviewing current protection measures and controls in order to implement and accelerate long-term security improvements,” Mr Eapen added.