Singapore offers cyber agency support on Optus hack

A government regulatory agency has been embroiled in a hack on an IT services firm owned by Optus’ parent company, Singtel, as Singapore’s prime minister offered his country’s help in investigating the damaging cyberattack on the Australian telco.

The national IT services firm Dialog, which Singtel bought this year, disclosed a data breach on October 10 that it said potentially affected about 1000 of its employees and fewer than 20 clients. But an internal client email obtained by this masthead suggests the data accessed may include staff names, emails, and financial information for some clients’ staff, which could cumulatively total many more people than revealed so far.

Prime Minister of Singapore Lee Hsien Loong is in Australia for an annual leaders’ dialogue. Credit: Alex Ellinghausen

In the email, the National Heavy Vehicle Regulator told staff that an unknown intruder had accessed payroll information held by Dialog, which previously provided payroll services for a subset of its workers.

“The personal data that may have been accessed includes a range of payroll-related data including your name, employee number, email, bank details, tax file number, superannuation fund ID, and superannuation fund,” the regulator’s email reads.

Singtel, a telecommunications conglomerate with investments in Asia, Australia and Africa, is majority owned by Temasek Holdings, a sovereign wealth fund belonging to the government of Singapore. It has commented only once on the Optus hack in which personal information on almost 10 million Australians was stolen in a cyberattack, backing the company’s leadership and saying it was committed to cybersecurity.

Optus and Dialog are separate businesses with separate IT systems. There is no suggestion the hacks on the two companies are connected.

Singapore’s Prime Minister, Lee Hsien Loong, who is in Canberra for annual bilateral leaders’ talks, emphasised that despite Optus’ Singaporean ownership, it was headquartered and incorporated in Australia.

“Its operations are run out of Australia, not from Singapore, and therefore Australia’s rules and regulations apply in addressing this incident,” said Lee, who is the son of modern Singapore’s founding father, Lee Kuan Yew, and has led the one-party dominated city-state since 2004. He said Singtel was taking the incident seriously and supported Optus in meeting Australia’s requirements following the hack.

“Our cybersecurity and information communications agencies have also reached out to their Australian counterparts and stand ready to provide support to the Australian government should our assistance be needed,” Lee said at a press conference in federal parliament on Tuesday.

Dialog has not disclosed which of its other clients were affected or the extent of data taken, and would not directly discuss the truck regulator breach, with a spokeswoman saying “we are unable to discuss client circumstances”.

In a statement, the spokeswoman said it was working with Dialog and was committed to the cybersecurity of its staff.

“As a matter of priority, potentially impacted NHVR employees were directly informed and advised of the steps they should take in relation to the incident,” the spokeswoman said. A source familiar with the matter, who was not authorised to speak publicly, said staff had been offered free credit monitoring from Equifax.

Dialog’s spokeswoman said there was “no evidence of client data exfiltration”.

“There has been a very small sample of Dialog employee data published on the dark web,” she said. “We are acting in an abundance of caution.”

Hackers commonly publish samples of stolen data online to show that they possess much more information, which they then offer for sale to other criminals who can use it for identity theft or other scams.

Dialog’s spokeswoman said the company had detected unauthorised access on its servers on September 10, shut them down for two days as a protective measure and informed authorities. It began an investigation with an unnamed cybersecurity specialist which showed “no evidence of unauthorised downloading of data. Nevertheless, out of an abundance of caution, we contacted all potentially impacted clients to inform them of the incident.” The sample was later posted online.
