Singapore's DBS, BoC customer data at risk after ransomware attack on vendor

(Reuters) - Some customer information from Singapore’s DBS Group and Bank of China’s branch in the country has potentially been compromised after a ransomware attack on their data vendor Toppan Next Tech (TNT).

 

DBS said on Monday customer statements of around 8,200 clients were at risk, but their systems were not compromised and customer deposits and monies remain safe. 

 

Bank of China revealed that around 3,000 customers whose paper letters were printed and distributed by Toppan have been affected. The data exposed included customer names, addresses and in some cases, loan account numbers.

 

DBS was informed about the ransomware attack on April 5 and preliminary investigations have revealed that most of the affected data pertains to accounts of DBS Vickers, its trading platform, with the rest relating mainly to cashline loan accounts.

 

The data at risk includes the first and last names of customers, postal addresses, and details of equities held under DBS Vickers and cashline loans.    

 

The bank also said the potentially compromised statements and letters were mostly sent to individual customers between December 2024 and February 2025.     

 

Separately, the Monetary Authority of Singapore (MAS) said it was in "close engagement" with the affected banks on their risk-mitigating measures and follow-up with customers, while the Cyber Security Agency of Singapore (CSA) said it was aiding TNT in the investigations.

 

 (Reporting by Adwitiya Srivastava in Bengaluru; Editing by Devika Syamnath)