Your Title

SINGAPORE: The personal data of about 128,000 customers of 12 licensed moneylenders (LMLs) in Singapore has been stolen after the system of a third-party IT vendor they hired was hacked.

The Ministry of Law said the system of Ezynetic Pte Ltd (Ezynetic), which is not hosted on or linked to the government’s network, was accessed by a malicious actor and the data that contains personal identifiable information had been leaked.

“The 12 LMLs and Ezynetic have lodged reports with the police, the Cyber Security Agency of Singapore (CSA) and the Personal Data Protection Commission (PDPC).

“The LMLs have also begun notifying their customers of the breach and have reminded them to stay vigilant against possible phishing scams,“ the ministry said in a statement on Thursday.

The 12 LMLs affected are Ban King Credit (S) Pte Ltd, Credit 21 Pte Ltd, Lending Bee Pte Ltd, Katong Credit Pte Ltd, Credit Thirty3 Pte Ltd, GS Credit Pte Ltd, 1AP Capital Pte Ltd, Creditmaster Pte Ltd, BST Credit Pte Ltd, U Credit (Pte) Ltd, Horison Credit Pte Ltd, and Credit Matters Pte Ltd.

However, the data of the remaining eight LMLs who use Ezynetic’s services was not affected.

The ministry said it is investigating the case with the CSA and PDPC. It is also in close contact with Credit Bureau (Singapore) Pte Ltd (CBS) to support the affected LMLs’ business recovery efforts.

“As regulator of LMLs, the ministry takes a serious view of the data breach. The LMLs have a duty to protect any information in their possession or control. This includes information in their third party vendor’s systems,“ it said.

As a containment measure, CBS, which is the designated credit bureau that operates the Moneylenders Credit Bureau (MLCB) platform, has restricted access to the platform for all 20 LMLs served by Ezynetic.

The MLCB’s online functions remain fully available to the other 133 LMLs in Singapore.