Ransomware Attack on Vendor Exposes Customer Data at DBS and Bank of China Singapore

Singapore – A recent ransomware attack on Toppan Next Tech (TNT), a data vendor, has put the personal information of customers from Singapore’s DBS Group and Bank of China (BoC) at risk, raising concerns about the security of financial data in the region.

Details of the Attack

On April 5, 2025, DBS was informed of the data breach, which has since raised alarms regarding the potential exposure of sensitive customer information. Preliminary investigations by DBS indicated that around 8,200 customer statements may have been compromised. Fortunately, the bank clarified that its systems were not directly breached and that customer deposits and funds remain secure.

BoC also reported that approximately 3,000 of its clients were affected due to their paper correspondence being printed and distributed by TNT. The compromised data includes customer names, addresses, and, in some instances, loan account numbers.

Nature of Exposed Information

The data at risk includes essential identification details such as first and last names, postal addresses, and specifics of accounts held with DBS, including those associated with its trading platform, DBS Vickers, and its cashline loan services. The bank noted that most of these potentially compromised statements and letters were dispatched to individual clients between December 2024 and February 2025. DBS emphasized its commitment to protecting customer information, stating that it is taking the matter seriously and is cooperating with the authorities to mitigate any risks stemming from this incident.

Regulatory Response

In light of the attack, the Monetary Authority of Singapore (MAS) confirmed that it is in close contact with both affected banks to oversee their risk mitigation strategies and subsequent communications with customers. The Cyber Security Agency of Singapore (CSA) is also actively supporting TNT in the investigation to understand the full implications of the ransomware attack.

As cyber threats continue to escalate, financial institutions and their partners are reminded of the importance of implementing robust security measures to protect customer data.

Conclusion

This incident serves as a stark reminder of the vulnerabilities faced by financial institutions in today’s increasingly digital landscape. As investigations unfold, both DBS and BoC are expected to enhance their security protocols to prevent future breaches and reassure customers of their commitment to data protection.

For now, customers of both banks are encouraged to stay vigilant and monitor their accounts for any unusual activity. Further updates regarding this cybersecurity incident will be provided as more information becomes available.

Share this article: