Thousands of DBS Bank and Bank of China (BoC) customers in Singapore have had their personal data potentially compromised following a ransomware attack on Toppan Next Tech (TNT), a third-party vendor responsible for printing bank statements. The Monetary Authority of Singapore (MAS) is now investigating the breach.
DBS was alerted to the incident on 5 April, revealing that customer statements or letters belonging to approximately 8,200 clients may have been exposed. The data at risk includes customer names, mailing addresses, and details related to equities held under DBS Vickers and Cashline loans. However, the bank confirmed that no login credentials, NRIC numbers, deposit balances, or total wealth figures were compromised.
TNT, which receives encrypted files from DBS for printing, is still under investigation. It remains unclear whether the attackers managed to decrypt the data. As a precaution, DBS has suspended all printing jobs with TNT and ramped up monitoring for suspicious activity in affected accounts.
At BoC, around 3,000 customers have been impacted. Both banks are working closely with the Cyber Security Agency of Singapore (CSA), which is supporting TNT with forensic analysis and containment efforts. MAS says it remains in active contact with the affected banks to ensure customer safety and risk mitigation.