AXA Insurance has alerted its customers in Singapore via email that it was hit by a cyberattack yesterday (7 September 2017).
Personal data of 5,400 of its past and present customers on its Health Portal was compromised due to the cyber incident, said Eric Leylon, AXA's data protection officer, in the email.
He added that the exposed data included customers' email addresses, mobile numbers and dates of birth. However, no other personal data, such as NRIC number, address, credit card or bank details or health status, was compromised.
Although affected customers do not need to take further action, as the stolen data on its own is unlikely "to expose [them] to identity theft," Leylon advised customers to be vigilant against phishing attempts that aim to steal other personal details.
"In the unlikely event you feel that you may have inadvertently disclosed personal data as a result of a phishing attempt in the last few months, it is possible that this could be connected to this hacking incident, and if so, we urge you to file a police report. We also request that you reach out to us to let us know the details," he said.
According to Jean Drouffe, CEO of AXA Singapore, the company will be conducting a "thorough review of its IT systems" in light of this incident. It has also filed a police report and is working closely with authorities.
Commenting on this incident, a spokesperson from the Monetary Authority of Singapore (MAS) said that MAS has asked AXA to "conduct a thorough review of its IT security and remediate control gaps."
"We understand that AXA has taken steps to address the vulnerability in its Health Portal. MAS takes a serious view of this incident and is investigating the matter," the spokesperson added.
Meanwhile, the Cyber Security Agency of Singapore (CSA) stated that the incident is "a reminder that companies that collect and hold customer data are an attractive target for cyber criminals".
CSA thus urged such companies "to make the appropriate risk assessment, prioritise cybersecurity and adopt proactive measures to better protect themselves against cyber attacks."