Singapore has offered to help in Optus, Dialog hack probes

Singapore Prime Minister Lee Hsien Loong has offered help in investigating recent data breaches at two SingTel-owned companies in Australia: telco Optus, and IT services firm Dialog.

Optus revealed last month that data had been stolen affecting up to 10 million customers. The massive data leak included sensitive information such as passport and driver’s license numbers. Hackers had demanded a ransom of $1 million, although the demand was later retracted.  

Earlier this month, Dialog – which was acquired by SingTel earlier this year – revealed publicly that it had also experienced a data breach.

Lee says Singapore agencies ready to help

Prime Minister Lee said that while the cases are within Australia’s jurisdiction, Singapore takes the incident seriously and is ready to offer help if needed.

“Our cybersecurity and information communications agencies have also reached out to their Australian counterparts and stand ready to provide support to the Australian government should our assistance be needed,” Lee said on Tuesday whilst in Canberra for annual bilateral leaders talks.

Dialog has provided few details of its data breach, saying only that it may have affected around 1,000 of its employees and less than 20 clients.

Dialog client email expands details

A spokeswoman for Dialog said that there was “no evidence of client data exfiltration”, meaning that the hacker may not have downloaded or copied the data. She added that affected employees have been directly informed and advised of the steps to take in relation to the incident.

However, according to the Sydney Morning Herald, an internal email from a Dialog client – Australia’s National Heavy Vehicle Regulator (NHVR) – suggests that employee names, emails, and financial information for some clients may have been accessed. It is currently unclear how many people are affected, but it could be more than what has been disclosed.

Dialog provides payroll services for a subset of NHVR workers.

“The personal data that may have been accessed includes a range of payroll-related data including your name, employee number, email, bank details, tax file number, superannuation fund ID, and superannuation fund,” the regulator’s email reads.