Second Singtel subsidiary breach in a month sees customer and client data leaked
The incident at Singtel subsidiary Dialog follows the earlier breach at Singtel-owned Optus, Australia's second-largest telco
Telco giant Singtel has confirmed that another of its subsidiaries, Australian IT services firm Dialog, has been impacted in a cyber security incident.
Dialog confirmed that customer data was largely unaffected by the attack, with the only evidence of the leak thus far coming in the form of employee data leaked online.
The company noticed suspicious activity on its servers on 10 September and was resolved through a fast shutdown, resulting in minimal disruption, it said.
Subsequent analysis by a third-party cyber security specialist yielded nothing to suggest that data had been exfiltrated in the incident. However, on 7 October the firm discovered information relating to its current and former employees listed on the dark web.
Failure to adequately secure sensitive data can result in crimes such as identity theft, and the Office of the Australian Information Commissioner (OAIC) can fine entities up to $2.1 million (AUD) that breach its privacy laws.
“The Dialog Group (Dialog) today confirmed that the company has experienced a cyber security incident in which an unauthorised third party may have accessed company data, potentially affecting fewer than 20 clients and 1,000 current Dialog employees as well as former employees,” said the company in a press statement.
Cyber security in manufacturing
The increasing cost of cyber crime means manufacturers need to adaptFree Download
“We have notified the relevant authorities and are supporting those who may be impacted to protect against the risk of fraudulent activity."
The breach marks the second attack on a Singtel subsidiary in as many months, with its major telco Optus having suffered a cyber attack in September.
Optus was subsequently accused of having caused ‘systemic ID problems’ for more than 10 million Australians. Similar to the Dialog attack, no threat actor has come forward to claim credit for the incident, though Optus data was briefly posted to a hacker forum with a ransom demand before being pulled soon after.
In a statement, Singtel denied the two events were related.
“Dialog’s systems are completely independent from NCS, Optus, and Singtel," it said. "There is no evidence there is any link between this incident and the recent event experienced by Optus.”
Singtel confirmed to the Guardian that information stolen from the company in a 2020 cyber attack was also posted on a hacking forum on 7 October. The 2020 attack had involved the data exfiltration of 129,000 customers and 23 companies.
2022 State of the multi-cloud report
What are the biggest multi-cloud motivations for decision-makers, and what are the leading challengesFree Download
The Total Economic Impact™ of IBM robotic process automation
Cost savings and business benefits enabled by robotic process automationFree Download
Multi-cloud data integration for data leaders
A holistic data-fabric approach to multi-cloud integrationFree Download
MLOps and trustworthy AI for data leaders
A data fabric approach to MLOps and trustworthy AIFree Download