Second Singtel subsidiary breach in a month sees customer and client data leaked

Singtel sign at the front of its office HQ
(Image credit: Getty Images)

Telco giant Singtel has confirmed that another of its subsidiaries, Australian IT services firm Dialog, has been impacted in a cyber security incident.

Dialog confirmed that customer data was largely unaffected by the attack, with the only evidence of the leak thus far coming in the form of employee data leaked online.

The company noticed suspicious activity on its servers on 10 September and was resolved through a fast shutdown, resulting in minimal disruption, it said.

Subsequent analysis by a third-party cyber security specialist yielded nothing to suggest that data had been exfiltrated in the incident. However, on 7 October the firm discovered information relating to its current and former employees listed on the dark web.

Failure to adequately secure sensitive data can result in crimes such as identity theft, and the Office of the Australian Information Commissioner (OAIC) can fine entities up to $2.1 million (AUD) that breach its privacy laws.

“The Dialog Group (Dialog) today confirmed that the company has experienced a cyber security incident in which an unauthorised third party may have accessed company data, potentially affecting fewer than 20 clients and 1,000 current Dialog employees as well as former employees,” said the company in a press statement.

RELATED RESOURCE

Cyber security in manufacturing

The increasing cost of cyber crime means manufacturers need to adapt

FREE DOWNLOAD

“We have notified the relevant authorities and are supporting those who may be impacted to protect against the risk of fraudulent activity."

The breach marks the second attack on a Singtel subsidiary in as many months, with its major telco Optus having suffered a cyber attack in September.

Optus was subsequently accused of having caused ‘systemic ID problems’ for more than 10 million Australians. Similar to the Dialog attack, no threat actor has come forward to claim credit for the incident, though Optus data was briefly posted to a hacker forum with a ransom demand before being pulled soon after.

In a statement, Singtel denied the two events were related.

“Dialog’s systems are completely independent from NCS, Optus, and Singtel," it said. "There is no evidence there is any link between this incident and the recent event experienced by Optus.”

Singtel confirmed to the Guardian that information stolen from the company in a 2020 cyber attack was also posted on a hacking forum on 7 October. The 2020 attack had involved the data exfiltration of 129,000 customers and 23 companies.

Rory Bathgate
Features and Multimedia Editor

Rory Bathgate is Features and Multimedia Editor at ITPro, overseeing all in-depth content and case studies. He can also be found co-hosting the ITPro Podcast with Jane McCallion, swapping a keyboard for a microphone to discuss the latest learnings with thought leaders from across the tech sector.

In his free time, Rory enjoys photography, video editing, and good science fiction. After graduating from the University of Kent with a BA in English and American Literature, Rory undertook an MA in Eighteenth-Century Studies at King’s College London. He joined ITPro in 2022 as a graduate, following four years in student journalism. You can contact Rory at rory.bathgate@futurenet.com or on LinkedIn.