A ransomware attack on Toppan Next Tech (TNT), a printing vendor, has potentially exposed personal data of approximately 11,200 customers from DBS Bank and Bank of China’s (BOC) Singapore branch.
Preliminary investigations suggest that customer statements and letters were compromised during the breach.
Go deeper with GlobalData
DBS Bank has disclosed that the ransomware attack may have affected customer statements and letters of about 8,200 customers.
The bank emphasised that there has been no evidence of unauthorised transactions stemming from the incident, with the breach mainly affecting brokerage DBS Vickers and loan service Cashline.
On the other hand, BOC Singapore has reported that around 3,000 customers might have been impacted by the security breach, involving paper letters printed and distributed by Toppan.
Both DBS and BOC assured that their internal systems remain secure and customer deposits are safe.
TNT’s initial review suggests that the potentially compromised documents were mainly sent to individual customers, with dates spanning December 2024 to February 2025. It remains uncertain if the cybercriminals were able to decrypt the encrypted files sent by DBS for printing.
The information at risk includes customers’ names, postal addresses, and details of equities held with DBS Vickers, as well as Cashline loan information.
However, sensitive details such as login credentials, passwords, and national identification numbers were not contained in the affected documents.
Following the breach, DBS has ceased all printing operations with Toppan and has increased surveillance to detect any unusual account activities.
BOC highlighted that the data breach included customer names, addresses, and in some instances, loan account numbers, but did not compromise transaction banking information or login details.
Toppan informed the Personal Data Protection Commission about the attack on 6 April, stated the Cyber Security Agency of Singapore (CSA) and the Monetary Authority of Singapore (MAS).
CSA is assisting Toppan with the investigation and containment measures, while MAS is closely working with the affected banks on their risk reduction strategies.
The banks involved have initiated enhanced monitoring of the relevant accounts and are proactively reaching out to the affected customers.
Toppan described the incident as a “random ransomware attack” on its Joo Koon Circle site and said it has “immediately cut off the entry point from which the attacker entered the network”.
The company is also working with a specialist forensic investigation firm to determine the scope and cause of the attack.
