Singapore’s privacy watchdog fined Tech Mahindra $10,000 after it failed to protect the personal details of 2.78 million Singtel customers from unauthorised changes.
Because this incident inadvertently caused the personal data of one customer to be leaked online.
The incident was reported after the customers noticed someone else’s NRIC number, account number and billing address on the My Singtel app and the telco’s website.
Source: https://www.databreaches.net/singtel-vendor-tech-mahindra-fined-10k-for-data-breach/
TPRM report: https://scoringcyber.rankiteo.com/company/tech-mahindra
"id": "tec172301022",
"linkid": "tech-mahindra",
"type": "Data Leak",
"date": "04/2017",
"severity": "50",
"impact": "2",
"explanation": "Attack limited on finance or reputation"{'affected_entities': [{'customers_affected': '2.78 million',
'industry': 'Telecommunications',
'location': 'Singapore',
'name': 'Singtel',
'type': 'Telecommunications Company'}],
'attack_vector': 'Unauthorized changes',
'data_breach': {'number_of_records_exposed': '2.78 million',
'personally_identifiable_information': 'NRIC number, Account '
'number, Billing '
'address',
'type_of_data_compromised': ['NRIC number',
'Account number',
'Billing address']},
'description': 'Singapore’s privacy watchdog fined Tech Mahindra $10,000 '
'after it failed to protect the personal details of 2.78 '
'million Singtel customers from unauthorised changes. The '
'incident inadvertently caused the personal data of one '
'customer to be leaked online. The incident was reported after '
'the customers noticed someone else’s NRIC number, account '
'number, and billing address on the My Singtel app and the '
'telco’s website.',
'impact': {'data_compromised': 'Personal details of 2.78 million Singtel '
'customers',
'financial_loss': 'Fined $10,000',
'systems_affected': ['My Singtel app', 'Singtel’s website']},
'regulatory_compliance': {'fines_imposed': '$10,000'},
'title': 'Tech Mahindra Data Leak Incident',
'type': 'Data Leak'}