Hackers have attacked a second subsidiary of Singapore Telecommunications Ltd (Singtel), the company said Monday, but analysts said it appeared the Southeast Asian telecom giant was not being specifically targeted.
In a filing with the Singapore Exchange, Singtel included a statement from Dialog, an Australia-based IT services consulting company it acquired in April, confirming that “an unauthorized third party may have accessed company data”.
Dialog said “fewer than 20” of its clients and about 1,000 current and former employees may have been affected.
The unauthorised access was detected on September 10, and on October 7 it was discovered that “a very small sample of Dialog’s data, including some employee personal information, was published on the Dark Web”, the company said.
Optus, Australia’s second-biggest telecom firm and also a Singtel subsidiary, revealed last month that information on up to 9.8 million of its customers — more than a third of the country’s population — may have been compromised in a massive cyberattack.
The Optus breach, one of the largest hacks in Australia’s history, led to the theft of customers’ names, birth dates, phone numbers, addresses, driver’s licence information and passport numbers, the company said.
Singtel, which also has major investments in India, Indonesia, the Philippines and Thailand, said in a statement to AFP that “there is no evidence to suggest there is any link between this incident and the recent event experienced by Optus”.
It also pointed out that Dialog is a newly acquired company.
Professor Liu Yang from the school of computer science and engineering at Nanyang Technological University (NTU) said there was no indication that Singtel was being targeted.
“Given the prevalence of cyber-breaches, this is likely to be a coincidence rather than a deliberate attack at Singtel,” he told AFP.
“Given the recent Telstra breach, there is an increased likelihood that the attacks are targeted at the Australian infrastructure instead,” he added. Telstra is Australia’s biggest telecommunications company.
US-based cybersecurity firm Trellix said the telecom sector was the most targeted industry worldwide in the first quarter of this year, accounting for 53 percent of total ransomware detections.
Other industries such as financial services and manufacturing, which hold vast amounts of sensitive data, “are also often the key targets for malicious actors”, Jonathan Tan, managing director for Asia at Trellix, told AFP.
The one common element is that “cybercriminals are now targeting new sectors that have long slipped under the radar,” he said.
“As organisations in these sectors shore up their defences, bad actors will continue to look for easier victims that are more likely to be caught off guard.”