Q: How did this data breach come about?
A: MyRepublic was informed of the incident by an unknown external party on 29 August 2021. The unauthorised data access took place on a third-party data storage platform used to store the personal data of MyRepublic’s mobile customers. We took immediate steps to secure the unauthorised access to the data storage facility, and the incident was contained as soon as possible.
Q: How would I know if I’m affected?
A: Based on our investigation, the unauthorized access affected only some of our mobile subscribers based in Singapore. If you were in this group, you would have received an email from us at the time with more information.
Q: Since the data breach, what steps has MyRepublic taken to remedy the situation?
A: The privacy and security of our customers are of utmost importance to us. Following the incident, we further reviewed all our systems and security processes thoroughly to mitigate any potential risks and gaps.
Shortly after the incident, we reached out to all our affected customers to offer support, including recommendations to minimize the risks of identity fraud and social engineering. We are heartened that to date, we have not had customers reporting the misuse of personal data arising from the incident.
Q: Is there anything I need to do to protect my personal data?
A: While we currently have no evidence of misuse of the personal data involved in this incident. It is important that you remain vigilant for any potential signs of identity fraud. We recommend that you:
- Keep an eye on your financial and other accounts for suspicious activity, such as unauthorised transactions and changes to account details, and notify your bank as soon as possible if you notice any such activity;
- Check with Singapore Post that your mail has not been redirected if you find you are not receiving mail, and secure your letterbox (fraudsters sometimes redirect or steal mail to avoid detection);
It is also possible that someone could contact you in an attempt to trick you into providing more personal data or access credentials - this is called “social engineering”. To protect yourself against social engineering, you should:
- Be wary of anyone contacting you who requests personal data or access credentials from you, even if they appear to know other details about you;
- Not respond to email or SMS messages asking for personal data (few legitimate organizations will ask for personal information by email or SMS); and
- Be careful of unsolicited telephone calls which purport to be from a government authority or business (if you think the call is genuine, hang up and call the authority or business back on their public telephone number).
Q: What are you doing to prevent something like this from happening again?
A: MyRepublic takes privacy and security of our customers very seriously. Following the incident, we have further reviewed all our systems and security processes thoroughly to mitigate any potential risks and gaps. We have commissioned a programme of security improvements to our systems to mitigate the risks of cyberattacks.
Q: Who can I contact if I have any questions?
A: You may reach out to our customer support team here.
Chat with our live agents for further assistance
Or, you can submit your query to us here and we
will get back to you within 3 working days