Telco Singtel and Ninja Logistics is Fined by PDPC for Data Breach Issue

Singapore’s official privacy watchdog for data breaches Personal Data Protection Commission has fined Singapore-based companies Singtel and Ninja Van. As the users were allowed to access other customers' accounts through the Singtel mobile app the Personal Data Protection Commission fined the Telco Singtel with $25,000. This issue in the Singtel mobile app exposed the billing information like names and addresses of more than 330,000 subscribers.

The whistleblowers came to notice that the communications between the app and Singtel’s servers could be manipulated to gain access to other users’ accounts. This vital information was reported to the Personal Data Protection Commission in May 2017 and at a step, they took an action against a data breach. The PDPC reported that the tool required for such a data breach is available online.

The hackers were able to extract the customer’s name, billing address, billing account number, mobile phone number as well as customer service plans (including data, talk time and SMS usage. Due to this data breach, many people were put to a state of risk.

A third-party vendor was hired by the Singtel to regularly test the security of the mobile app and system. Still, the vulnerability detected in 2017 was not rectified but previously a similar vulnerability was detected in 2015 and it was at a stand rectified by the Singtel. The PDPC revealed that this issue was due to the design issue in the security coding.