Due to a ransomware attack on Toppan Next Tech (TNT), contracted by DBS to print customer statements, some 8,200 customers' data have been "potentially compromised", says DBS.
In a separate statement posted on its website, Bank of China's Singapore branch says some 3,000 customers are similarly affected.
According to DBS, its own systems are not compromised. Customers' deposits and monies remain safe. So far, there is also no evidence of any unauthorised DBS transactions resulting from the incident.
The customers are mainly those of brokerage DBS Vickers and Cashline users.
"Investigations into the incident are ongoing," says DBS.
According to DBS, citing TNT’s preliminary review, the potentially compromised statements/letters were those largely sent to individual customers, dated December 2024, January 2025 and February 2025.
See also: A call to go beyond the humble backup
DBS sends customer statements/letters to TNT for printing in encrypted files.
"As investigations are still ongoing, it is not known if the threat actor was able to decrypt the files.
"Customer data in the statements/letters that could have potentially been compromised include first and last name, postal address, as well as details relating to equities held under DBS Vickers and Cashline loans.
See also: Noel Gifts announces breach on online ordering platform
"The statements/ letters do not contain login credentials, passwords, NRIC details, deposit balances or total wealth holdings," says DBS.
DBS points out the that incident did not occur within its systems. Nonetheless, it is contacting potentially affected customers as a matter of priority.
Impacted customers who have registered their email address with the bank will be informed by tomorrow, April 8.
Where DBS does not have the customer’s email details, the customer will be informed by physical mail sent directly from the bank tomorrow.
“The confidentiality of our customers’ personal information is of paramount importance to us, and we understand the seriousness of the situation," says DBS Singapore country head Lim Him Chuan.
"To protect customers, we have halted all printing jobs with TNT and ramped up surveillance to monitor any unusual activity on potentially impacted accounts. We are sorry for the anxiety caused.”
Customers who suspect that they are a victim of a scam can call DBS’ dedicated fraud hotline at 1800-339-6963 (from Singapore) or (+65) 63396963 (from overseas) and speak to a DBS Customer Service Officer, or activate Safety Switch to temporarily block access to their funds. Impacted customers are also urged to lodge a fraud report with the Singapore Police Force.
To stay ahead of Singapore and the region’s corporate and economic trends, click here for Latest Section
As stated by Bank of China on its Singapore branch website, the data exposed included customer name, address and in some cases, the loan account number.
"No transaction banking information or credentials such as customer log-in information were affected in the Incident. Your accounts remain secure and fully operational."
In a joint statement, the Monetary Authority of Singapore and the Cyber Security Agency of Singapore noted that the attack was reported on April 6.
CSA says it is helping TNT in their investigations and is advising them on containment measures.
MAS, meanwhile, is in close engagement with the affected banks on their risk-mitigating measures and follow-up with customers.
"The impacted banks have placed the relevant accounts on enhanced monitoring, and are contacting affected customers as a matter of priority."
