Personal Data of Thousands of AXA Singapore Customers Stolen: Who is to Blame?
The personal data of 5,400 customers of AXA Insurance in Singapore has been stolen due to a cyber attack.
AXA Insurance Singapore was recently hit by a severe cyber attack, resulting in the theft of personal data belonging to 5,400 customers.
The life insurance company has since sent out e-mails to notify its customers of the breach. Apparently, customers’ e-mail addresses, mobile numbers, and dates of birth are now at risk.
In the e-mail, AXA’s data protection officer Eric Lelyon said: “We wish to inform you that because of a recent cyber attack, personal data belonging to about 5,400 of our customers, past and present, on our Health Portal was compromised.”
Fortunately, no other personal information, such as name, NRIC number, address, credit card or bank details, health status, claims history or marital status, was leaked.
AXA Singapore chief executive officer Jean Drouffe said the firm takes customer privacy very seriously and apologised for the breach. He also assured customers that the firm’s Health Portal “is now secure”.
However, he did not reveal when the cyber attack occurred or when he discovered it.
“A thorough review of our IT systems is underway,” he assured.
Repercussions of the Breach
Drouffe also said the compromised data, by themselves, will not result in any case of identity theft.
However, he advised customers to be vigilant against phishing, in which attackers, most commonly via e-mail, trick victims into disclosing their credentials.
AXA has since made a police report and advised customers to do the same if they have inadvertently disclosed personal data as a result of phishing attempts in the last few months, as these could be connected to the AXA hacking incident.
Meanwhile, the Monetary Authority of Singapore (MAS) has asked AXA to initiate a thorough review of its IT security and to remediate control gaps.
“We understand that AXA has taken steps to address the vulnerability in its Health Portal. MAS takes a serious view of this incident and is investigating the matter,” a MAS spokesman said in a statement.
Singapore’s Cyber Security Agency (CSA) said the incident is a reminder that companies that collect and hold customer data are an attractive target for cybercriminals.
In view of this, the CSA said companies must make the appropriate risk assessment, prioritise cybersecurity and adopt proactive measures. These could at least help protect them against cyber attacks.
Gavin Chow, network and security strategist at cybersecurity solutions firm Fortinet, said hackers could masquerade as AXA or any commercial entity. This way, they can trick victims into revealing their e-banking usernames and passwords.
Hackers use a “phishing tactic” via e-mail, SMS, and WhatsApp. They are able to do this after gaining access to users’ e-mail addresses and mobile numbers.
Hackers could also trick victims into installing malware onto their computers or mobile phones. Once malware has infected a device, hackers can steal one-time passwords sent via SMS and use them to make fraudulent transactions.
“If anyone is using their birth dates as passwords, change it now,” said Chow.
Singapore’s privacy commission, the Personal Data Protection Commission, has stated it is investigating the breach. “We understand that AXA has addressed the vulnerability in their system,” a Commission spokesman said.
The AXA incident is a reminder not to overlook IT security. It is advisable to get help from IT security experts to secure your data. IT Solution is the best firewall service provider you can find. Their team can help you deliver high-performance, scalable security solutions that safeguard highly sensitive infrastructure data and provide robust cybersecurity.