Ransomware Attack Hits Singapore’s DataPost, Affects Income Insurance Policyholders

A ransomware attack has hit Singapore-based data handling company DataPost, exposing the personal information of at least 146 policyholders from Income Insurance.

DataPost, which helps print and mail documents for various organizations including Income Insurance, confirmed that it's still investigating the cyberattack. Income Insurance said that the attack compromised customers’ bonus statements, which include personal details such as names, postal addresses, policy numbers, insurance plans, and annual bonuses for 2024.

The company discovered the breach on May 27 through cybersecurity sources including RedPacket Security and HookPhish. According to experts, the attack was highly coordinated and involved a known cybercriminal group called “Direwolf.” The group reportedly used multiple types of malicious software to steal data.

The Personal Data Protection Commission (PDPC) and the Cyber Security Agency of Singapore (CSA) have been notified and are currently investigating the case. CSA has also offered assistance to DataPost.

Income Insurance said it was alerted to the breach on Sunday and quickly responded by suspending all work with DataPost. It also blocked digital access to the company and strengthened its own cybersecurity defenses.

“There is no evidence so far that any of our systems were accessed,” said Income Insurance. The insurer is contacting all affected customers and says it is on “heightened alert” for any unusual activity.

CEO Andrew Yeo stressed that the privacy and security of customers is a top priority. “We understand the concern this may cause and are committed to providing updates as we learn more,” he said.

DataPost handles more than 40 million documents a month for clients including banks, telecom companies, and government agencies across Singapore and Malaysia. It is also the official provider for InvoiceNow, a government-backed e-invoicing system.

In a statement, DataPost said, “We take data security very seriously and are cooperating fully with authorities. We will meet all regulatory requirements as the investigation continues.”

Ransomware attacks involve criminals locking up a company’s data and demanding money in exchange for access. In this case, the attackers also stole the data, raising additional concerns.

Authorities and affected companies are urging caution and vigilance as the investigation unfolds.