Details of 146 Income Insurance policyholders compromised after cyber attack of external vendor
Source: Straits Times
Article Date: 30 May 2025
Author: Sarah Koh
The compromised statements include information such as names, postal address, policy number and plan, and annual bonus for the year 2024.
The personal and policy information of at least 146 Income Insurance policyholders have been compromised after a ransomware attack on an external vendor engaged by the insurer.
A statement on Income’s website on May 29 said it was alerted on May 25 to a ransomware attack involving DataPost, a company responsible for printing and mailing documents to Income’s policyholders.
Ransomware is a malicious software designed to block access to a computer system, often until a sum of money is paid.
Preliminary investigations by DataPost show that the bonus statements of at least 146 policyholders have been compromised, said Income, adding that investigations are still ongoing and more customers could be affected.
These statements include information such as names, postal address, policy number and plan, and annual bonus for the year 2024.
“Income Insurance’s systems remain secure and are not compromised or affected by this incident. There is currently no evidence of unauthorised access to any of its digital platforms or systems,” the insurer said.
Income added that it immediately suspended all printing jobs with DataPost after the insurer was informed of the cyber attack.
“As an additional safeguard, Income Insurance also blocked connections to DataPost and reinforced firewall restrictions.”
It added that Income is on “heightened alert” to monitor suspicious or unusual account activity, and is contacting customers who are or may be affected by the incident.
An e-mail from Income to a policyholder on May 29 seen by The Straits Times states that the customer’s policies are safe and no log-in information has been compromised.
The e-mail also included advice for customers on how to protect themselves against phishing attempts, such as not giving away login credentials and one-time passwords to others.
In a media reply, DataPost said its investigation into the attack is in the “early stages” and it “will continue to comply with all regulatory obligations throughout the course of the investigation”.
“We take the security of our data very seriously and will continue to take all necessary steps to address this situation,” a spokesperson said.
The company did not respond to a question about whether there were other clients affected by this ransomware attack.
When contacted, a spokesperson for the Personal Data Protection Commission Singapore said the agency is aware of the cyber attack and is investigating.
Income has around 2 million customers, according to the National Trades Union Congress’ website.
Source: The Straits Times © SPH Media Limited. Permission required for reproduction.
457