Advertisements
A ransomware attack on printing vendor Toppan Next Tech (TNT) has resulted in the theft of customer information from DBS Bank and Bank of China’s Singapore branch.
The Cyber Security Agency of Singapore (CSA) and the Monetary Authority of Singapore (MAS) confirmed the breach on 7 Apr 2025.
Customer Data Compromised in Major Banking Security Incident
TNT reported the attack to the Personal Data Protection Commission on 6 Apr evening. DBS was notified about the incident at approximately 10:20pm on 6 Apr.
Advertisements
According to DBS, preliminary investigations show customer statements and letters of about 8,200 DBS customers have been potentially compromised. The majority relate to DBS Vickers accounts, with the remainder primarily consisting of Cashline loan accounts.
Bank of China separately confirmed that the breach affected around 3,000 of their customers whose paper letters were printed and distributed by TNT.
The potentially compromised statements and letters were those sent to individual customers dated December 2024, January 2025, and February 2025.
DBS pointed out that customer data in the statements that could have been compromised include first and last names, postal addresses, and details relating to equities held under DBS Vickers and Cashline loans.
Bank of China stated that the compromised data included names, addresses and, in some cases, loan account numbers.
Both banks stressed that no login credentials, passwords, NRIC details, deposit balances or total wealth holdings were contained in these documents.
Customer monies remain safe, and there is currently no evidence of any unauthorised transactions resulting from the incident.
Banking Security Response and Containment Measures
DBS sends customer statements and letters to TNT for printing in encrypted files. The bank noted that investigations are still ongoing, and it remains unknown if the threat actor was able to decrypt the files.
Advertisements
Upon notification of the breach, DBS immediately halted all printing jobs with TNT and increased surveillance to monitor unusual activity on potentially impacted accounts.
DBS Singapore country head Lim Him Chuan said the confidentiality of customers’ personal information was of paramount importance.
“To protect customers, we have halted all printing jobs with TNT and ramped up surveillance to monitor any unusual activity on potentially impacted accounts. We are sorry for the anxiety caused,” said Lim.
Both banks have placed relevant accounts under enhanced monitoring and are contacting affected customers as a priority.
DBS customers who registered their email addresses with the bank will be informed by 8 Apr 2025, while others will be notified by physical mail.
Advertisements
TNT stated that its Joo Koon Circle site was “the victim of a random ransomware attack to its business operations.” The company has engaged a specialist forensic investigation company to help look into the scope and cause of the incident.
CSA is aiding TNT in its investigations and advising it on containment measures, while MAS is in close contact with the affected banks regarding their risk mitigation strategies.
TNT managing director Chia Yan Heng said: “We deeply regret that this incident has occurred and apologise sincerely for any disruption or concern caused to our clients. We are in the process of conducting a security audit on all systems.”
The banks have reminded customers to remain vigilant against scams, including phishing attempts via email and SMS.
Customers are advised not to respond to unsolicited communications claiming to be from the bank and never to disclose personal or banking credentials to anyone.
Advertisements
DBS customers who suspect they may have fallen prey to a scam can call the bank’s fraud hotline at 1800-339-6963 from Singapore or +65 63396963 from overseas.
CSA advised organisations to refer to the agency’s advisory for prevention and mitigation measures against ransomware threats, which are increasing in frequency and sophistication.
These five GRCs could see the tightest battle in GE2025; here’s why:
Read Also: