On September 10, MyRepublic Singapore announced that it discovered an unauthorized data access incident on August 29, 2021, and has moved to support its customers in mitigating any possible risk. The unauthorized data access took place on a third-party data storage platform used to store the personal data of MyRepublic’s mobile customers. The unauthorized access to the data storage facility has since been secured, and the incident has been contained.
Experts weighed in on the incident and what lessons can be learned.
Howard Ting, CEO at Cyberhaven:
"This breach is the latest in a string of examples that highlights how most services today involve a supply chain of vendors that can have access to our data. This is an important issue for individuals as well as enterprises. Too often, organizations have no visibility behind the curtain into how their service providers handle and protect their data. This demonstrates the need for more transparency and auditability so that customers can know the risk to their data."
Setu Kulkarni, Vice President, Strategy at NTT Application Security:
"Basic Confidentiality, Integrity and Availability (CIA) principles continue to be ignored resulting in “data incidents” like this. While this incident is reported as unauthorized data access, which is serious enough, it likely points to an even more serious systemic issue with the way security for this critical data at rest is being implemented."
Simon Aldama, CISSP, Principal Security Advisor at Netenrich: