Customer Data at Risk Following Ransomware Attack on Vendor for DBS and Bank of China

Singapore, April 7, 2025 – A recent ransomware attack on Toppan Next Tech (TNT), a vendor providing data services to major financial institutions, has raised significant concerns regarding the security of customer information for Singapore’s DBS Group and the Bank of China’s (BoC) local branch. The breach has the potential to compromise sensitive customer data, although assurances have been made regarding the safety of customer funds.

Details of the Breach

DBS reported on April 7 that approximately 8,200 customer statements may have been put at risk. However, the bank clarified that its internal systems remained secure, and customer deposits are unaffected. Notably, the affected information pertains mainly to the bank’s trading platform, DBS Vickers, with additional elements linked to cashline loan accounts.

The data exposed in this breach includes customer names, addresses, and, in certain cases, loan account numbers. The Bank of China also confirmed that around 3,000 customers could potentially be impacted, specifically those whose paper correspondence was printed and distributed by TNT.

Scope of Affected Data

A significant portion of the data at risk involves communications sent to individual customers between December 2024 and February 2025. Customers may find their postal addresses and details pertaining to their DBS Vickers accounts, including equities held, at stake.

DBS was made aware of the ransomware attack on April 5, and preliminary investigations are ongoing to ascertain the full extent of the data exposure. The banks have indicated that they are prioritizing customer communication and risk mitigation in response to the incident.

Regulatory Oversight and Support

In light of the data compromise, the Monetary Authority of Singapore (MAS) has stated that it is closely working with the affected banks to ensure effective risk management strategies are in place. Additionally, the Cyber Security Agency of Singapore (CSA) is providing assistance to TNT in its investigations.

Cybersecurity continues to be a critical focus for financial institutions worldwide, especially as ransomware attacks become more prevalent. The incident serves as a reminder of the vulnerabilities that can arise from third-party vendors in the financial services sector.

Conclusion

As investigations continue, both DBS and the Bank of China are taking necessary precautions to address the ramifications of this attack. Customer safety and data protection remain top priorities as they navigate the challenges presented by this breach.

For affected clients, further updates from their banks should provide guidance on any required actions, as well as reassurance regarding the security of their investments and financial information.