128,000 borrowers’ data stolen from licensed moneylenders , Latest Singapore News - The New Paper
Singapore

128,000 borrowers’ data stolen from licensed moneylenders

128,000 borrowers’ data stolen from licensed moneylenders
The clients have had their “personal identifiable information” stolen, said the Ministry of Law in a statement on July 25.PHOTO: ST FILE
Aqil Hamzah for The Straits Times
Jul 25, 2024 02:43 pm

The data of about 128,000 borrowers linked to a dozen licensed moneylenders was compromised after hackers breached the system of third-party IT vendor Ezynetic that hosted the information.

The clients have had their “personal identifiable information” stolen, said the Ministry of Law in a statement on July 25.

The 12 moneylenders are Ban King Credit, Credit 21, Lending Bee, Katong Credit, Credit Thirty3, GS Credit, 1AP Capital, Creditmaster, BST Credit, U Credit, Horison Credit and Credit Matters.
 
The ministry said the moneylenders have started to inform borrowers of the breach, reminding them to stay vigilant against possible phishing scams.

Ezynetic and the moneylenders have filed reports with the police, the Cyber Security Agency of Singapore, and the Personal Data Protection Commission.

A total of 20 firms made use of Ezynetic’s services, but eight were unaffected, the statement said, adding that the third-party system is neither hosted on nor linked to the Government’s network.

To prevent any further breaches, the Credit Bureau Singapore (CBS) has restricted access to the Moneylenders Credit Bureau platform for all 20 firms that use Ezynetic’s services.

The data accessed by the hacker includes the personal information of members, such as their names, mobile numbers and login passwords.
Singapore

Chicha San Chen membership database hacked

Related Stories

MOE requests forensic investigation after data breach

App managing student devices in 127 schools hacked

Carousell fined $58k for data breaches

The platform, which functions as a central repository of data, hosts the loan and repayment records of all borrowers of every single licensed moneylender in Singapore.

Stressing that it takes a serious view of the data breach, the Ministry of Law said licensed moneylenders have a duty to protect any information in its possession or control, including those residing on third-party vendor systems.

Meanwhile, CBS said in a separate statement on July 25 that its Moneylenders Credit Bureau platform had not been compromised, refuting media reports that its centralised platform had been hacked.

The media reports claimed that a hacker group known as GhostR had obtained data from the platform on June 14, and would release “the credit bureau reports” of every borrower in Singapore.

However, CBS said the data breach only affected a third-party vendor engaged by some licensed moneylenders, and it has determined that its central platform remains secure.

“We would like to assure the public that all personal data residing with the Moneylenders Credit Bureau database is safe and secure,” CBS added.

Concerned customers can contact the Moneylenders’ Credit Bureau hotline at 6335 5897 or e-mail mlcb.cs@creditbureau.com.sg

Get The New Paper on your phone with the free TNP app. Download from the Apple App Store or Google Play Store now

hackingloansMINISTRY OF LAW