Starhub Cyberattack: Personal Data of 57,000 Leaked

Singapore pay-TV provider is currently in the process of notifying  57,191 customers that they are a victim of a cyberattack that leaked the customer’s national identity card numbers, mobile numbers and email addresses.

The attack:

Although investigations are ongoing, the company believes that the data has not been misused. The affected customers were subscribers prior to 2007. The breach was identified on July 6th, and disclosed on August 6th.

The disclosure is in response to Singapore’s Personal Data Protection Act 2012 (PDPA) which is a guideline that sets out the standards for storing personal data, as well as disclosing when a breach has occurred.

What they disclosed to customers:

Emails will continue to be sent out to customers until August 20, the email was leaked to the register which reads:

During a proactive online surveillance earlier this month, we discovered, on a third-party data dump website, an illegally uploaded file containing certain limited types of personal information related to your StarHub subscription from before 2007.

How did it happen:

Investigations are ongoing and are being looked at by digital forensic and cybersecurity experts.

What they said:

“StarHub notified our affected customers progressively from 6 August 2021, in accordance with Section 26D of Singapore’s Personal Data Protection Act 2012… As far as we are aware, this is an isolated incident which involved a data file that contains limited types of information belonging to certain individual customers.” VP Cassie Fong told The Register.