DBS Bank and Bank of China impacted in third party vendor data breach

Toppan Next Tech, a printing vendor for several financial institutions in Singapore, suffered a ransomware attack that compromised information associated with its clients’, including DBS Bank and Bank of China.

 

Recently, one of Singapore’s largest financial organisations, DBS bank, and Bank of China’s Singapore branch said they became aware of a ransomware attack on Toppan Next Tech (TNT), one of the banks’ vendors for the printing of customer statements and letters.

 

TNT said it launched an investigation and engaged external cyber security experts to determine the scope of the incident. The investigation revealed that at least 8,200 DBS customers and around 3,000 Bank of China customers were affected by the incident.

 

“The majority of these statements/letters relate to DBS Vickers accounts. TNT’s preliminary review indicates that the potentially compromised statements/letters were those largely sent to individual customers, dated December 2024, January 2025 and February 2025,” DBS Bank said in a press release.

 

The bank added that the letters sent to TNT for printing were encrypted and the vendor or the bank are yet to determine whether the threat actor was able to decrypt the files. The potentially compromised data includes names, postal addresses, and details relating to equities held under DBS Vickers and Cashline loans.

 

DBS added that login credentials, passwords, NRIC details, deposit balances or total wealth holdings were not affected as the information was not sent to TNT.

 

Bank of China also said that customer names, addresses and loan account numbers were potentially compromised during the incident. “No transaction banking information or credentials such as customer log-in information were affected in the Incident. Your accounts remain secure and fully operational,” the bank said.

 

Both the banks said that the data security incident did not affect their core banking operations and customers can continue to access their accounts without any issues.

 

In a statement shared with the media, DBS Singapore Country Head Lim Him Chuan said, “The confidentiality of our customers’ personal information is of paramount importance to us, and we understand the seriousness of the situation.

 

“To protect customers, we have halted all printing jobs with TNT and ramped up surveillance to monitor any unusual activity on potentially impacted accounts. We are sorry for the anxiety caused.”