128K Singapore borrowers’ data at risk, as hackers breach third-party system; phishing alert issued

Hackers have breached the IT system of third-party vendor Ezynetic, accessing the personal data of about 128,000 Singapore borrowers who gave the information to licensed moneylenders (LMLs).

A statement issued today by the Singapore Ministry of Law confirmed the breach and listed the 12 licensed moneylenders whose borrower database was hacked. These lenders are:

• Ban King Credit (S) Pte Ltd
• Credit 21 Pte Ltd
• Lending Bee Pte Ltd
• Katong Credit Pte Ltd
• Credit Thirty3 Pte Ltd
• GS Credit Pte Ltd
• 1AP Capital Pte Ltd
• Creditmaster Pte Ltd
• BST Credit Pte Ltd
• U Credit (Pte) Ltd
• Horison Credit Pte Ltd
• Credit Matters Pte Ltd

The law ministry statement said: “Ezynetic’s system, which is not hosted on or linked to the Government’s network, was accessed by a malicious actor and data was leaked. The data contains personal identifiable information belonging to an estimated 128,000 clients of the 12 LMLs. Data of the remaining 8 LMLs who use Ezynetic’s services was not affected.”

Borrowers are being contacted by their LMLs and being asked to “stay vigilant against possible phishing scams” following the data breach.

“As a containment measure, the Credit Bureau (Singapore) Pte Ltd (CBS), which is the designated credit bureau that operates the Moneylenders Credit Bureau (MLCB) platform, has restricted access to the platform for all 20 LMLs served by Ezynetic,” said the ministry statement.

“MLCB’s online functions remain fully available to the other 133 LMLs in Singapore. Borrowers with queries may reach out to their respective LMLs for more information,” it added.

Stating that the ministry took “a serious view of the data breach”, the statement informed the public that the matter was being investigated along with the Cyber Security Agency of Singapore and the Personal Data Protection Commission.