Introduction

A recent ransomware attack on Toppan Next Tech (TNT), a printing vendor for DBS Bank and Bank of China Singapore, has resulted in the unauthorized extraction of sensitive customer information. This alarming incident was officially reported to the nation's Personal Data Protection Commission on the evening of April 6.

Details of the Breach

According to the Cyber Security Agency of Singapore (CSA) and the Monetary Authority of Singapore (MAS), both banks confirmed that while customer statements and letters for approximately 8,200 individuals were potentially compromised, crucial credentials such as customer login details remain secure.

DBS disclosed that it had been informed of the breach by TNT late Saturday night. The compromised documents primarily consisted of statements related to DBS Vickers accounts and Cashline loan accounts, dated between December 2024 and February 2025.

No login information or sensitive personal data such as identity card details or bank balances was accessed during the attack. However, personal data, including names and postal addresses, were exposed, which raises serious privacy concerns.

Response from DBS Bank

Immediately following the breach notification, DBS ceased all printing tasks with TNT and is currently monitoring customer accounts for any unusual activity. DBS Singapore's country head, Lim Him Chuan, emphasized the bank's commitment to its customers' confidentiality and expressed regret for the anxiety caused by the incident. He stated, "We are taking this matter very seriously and have implemented enhanced surveillance."

Regulatory Response

Both the CSA and MAS are actively engaged with DBS and Bank of China to assess risk mitigation strategies and ensure affected customers are promptly notified. Those whose email addresses are on file will receive communications by the upcoming Tuesday, while others will be informed via physical mail.

Broader Implications

As such ransomware attacks grow in prevalence and complexity, organizations have been urged to adopt robust security measures. The CSA has already provided guidance on prevention tactics and risk management.

In the wake of this incident, customers are being urged to remain vigilant against potential scams that may arise from this situation. Scammers could exploit the breach to impersonate bank representatives and deceive customers into revealing personal and banking information. DBS has advised customers against engaging with unsolicited communications, including emails or messages featuring suspicious links or QR codes, emphasizing the importance of safeguarding personal information.

Customer Support