The personal data of 5,400 customers of AXA Insurance in Singapore has been stolen due to a cyber attack.
AXA Insurance Singapore was recently hit by a severe cyber attack, resulting in the theft of personal data belonging to 5,400 customers.
The life insurance company has since sent out e-mails to notify its customers of the breach, which left their e-mail addresses, mobile numbers and dates of birth exposed.
In the e-mail, AXA’s data protection officer Eric Lelyon said: “We wish to inform you that because of a recent cyber attack, personal data belonging to about 5,400 of our customers, past and present, on our Health Portal was compromised.”
Fortunately, no other personal information such as name, NRIC number, address, credit card or bank details, health status, claims history or marital status was leaked.
AXA Singapore chief executive officer Jean Drouffe said the firm takes customer privacy very seriously and apologised for the breach. He also assured customers that the firm’s Health Portal “is now secure”.
However, he did not reveal when the cyber attack occurred and when it was discovered.
“A thorough review of our IT systems is underway. No financial or health data was compromised,” he assured.
Drouffe also said the compromised data, by themselves, will not result in any case of identity theft.
Customers are, however, advised to be vigilant against phishing, which is most commonly carried out via e-mail and is used to trick victims into disclosing their credentials.
AXA has since made a police report, and advised customers to do the same if they had inadvertently disclosed personal data as a result of phishing attempts in the last few months as it could be connected to the AXA hacking incident.
Meanwhile, the Monetary Authority of Singapore (MAS) has asked AXA to initiate a thorough review of its IT security and to remediate control gaps.
“We understand that AXA has taken steps to address the vulnerability in its Health Portal. MAS takes a serious view of this incident and is investigating the matter,” a MAS spokesman said in a statement.
Singapore Cyber Security Agency (CSA) said the incident is a reminder that companies that collect and hold customer data are an attractive target for cyber criminals.
In view of this, the CSA said companies must make the appropriate risk assessment, prioritise cybersecurity and adopt proactive measures to better protect themselves against cyber attacks.
Gavin Chow, network and security strategist at cyber security solutions firm Fortinet, said hackers could masquerade as AXA or any commercial entity to trick victims into revealing their e-banking usernames and passwords.
This method, known as phishing, can be executed via e-mail, SMS and WhatsApp, now that hackers have users’ e-mail addresses and mobile numbers.
Hackers could also trick victims into installing malware on their computers or mobile phones. When phones are infected by malware, hackers can steal one-time passwords sent via SMS and use them to make fraudulent transactions.
“If anyone is using their birth dates as passwords, change it now,” said Chow.
Singapore’s privacy commission, the Personal Data Protection Commission, said it is investigating the breach. “We understand that AXA has addressed the vulnerability in their system,” a Commission spokesman said.
The AXA incident is a reminder that IT security should not be overlooked. It is advisable to get help from experts who specialise in IT security to secure your data. IT Solution was one of the top 10 firewall service providers who can assist you to deliver high-performance, scalable security solutions that are designed to safeguard highly sensitive infrastructure data and provide enhanced cyber security.