MyRepublic Singapore reports data incident, moves to support affected customers
Singapore, 10 September 2021 – MyRepublic Singapore announced today that it discovered an unauthorised data access incident on 29 August 2021, and has moved to support its customers in mitigating any possible risk.
The unauthorised data access took place on a third-party data storage platform used to store the personal data of MyRepublic’s mobile customers. The unauthorised access to the data storage facility has since been secured, and the incident has been contained.
MyRepublic has notified the Infocomm Media Development Authority and the Personal Data Protection Commission of the issue, and will continue to cooperate with those authorities.
MyRepublic has also activated its cyber incident response team, which includes a team of external expert advisors such as KPMG in Singapore, to work closely with MyRepublic’s internal IT and Network teams to resolve the incident.
“The privacy and security of our customers are extremely important to us at MyRepublic. Like you, we are disappointed with what has happened, and I would like to personally apologise for any inconvenience caused,” said Malcolm Rodrigues, CEO, MyRepublic. “My team and I have worked closely with the relevant authorities and expert advisors to secure and contain the incident, and we will continue to support our affected customers every step of the way to help them navigate this issue.”
Based on MyRepublic’s investigation, the unauthorised access affects 79,388 mobile subscribers based in Singapore. The affected data storage platform contained identity verification documents related to customer applications for mobile services, including:
- For affected Singapore citizens, permanent residents and employment and dependent pass holders — scanned copies of both sides of NRICs;
- For affected foreigners — proof of residential address documents e.g. scanned copies of a utility bill; and
- For affected customers porting an existing mobile service — name and mobile number.
There is no indication that other personal data, such as account or payment information, were affected. No MyRepublic systems were compromised and there was no operational impact on MyRepublic’s services.
MyRepublic will provide all affected customers with an offer to take up a complimentary credit monitoring service through Credit Bureau Singapore (CBS). Under this service, CBS will monitor their credit report and alert them of any suspicious activity. Customers who wish to take advantage of this offer may contact MyRepublic here.
Mr Rodrigues added, “While there is no evidence that any personal data has been misused, as a precautionary measure, we are contacting customers who may be affected to keep them informed and provide them with any support necessary. We are also reviewing all our systems and processes, both internal and external, to ensure an incident like this does not occur again.”
Customers may also reach out to MyRepublic here if they have any further questions or concerns.