Toppan Next Tech (TNT), a printing vendor contracted by Singapore’s Elections Department (ELD) for GE2025, suffered a **ransomware attack on April 1, 2024**. The breach compromised data of **over 11,000 customers** from two banking clients—**DBS Bank and Bank of China (Singapore branch)**—though preliminary investigations suggest **no voter data for GE2025 was exposed**. ELD confirmed it had not yet shared election-related data with TNT at the time of the attack but is closely monitoring the situation to mitigate risks. TNT reported the incident to the **Personal Data Protection Commission (PDPC)** on April 6, with the **Cyber Security Agency of Singapore (CSA)** assisting in containment and investigations. The attack follows TNT’s prior operational error in 2023, where **4,800 households in Tanjong Pagar GRC received duplicate poll cards** due to a printing mistake. While election operations remain unaffected, the breach highlights vulnerabilities in third-party vendors handling sensitive data for critical national processes.
Source: https://www.stomp.sg/trending-now/printing-vendor-hit-ransomware-attack-engaged-eld-ge2025
TOPPAN Next Tech cybersecurity rating report: https://www.rankiteo.com/company/toppannexttech
"id": "TOP1502015111625",
"linkid": "toppannexttech",
"type": "Ransomware",
"date": "6/2023",
"severity": "75",
"impact": "2",
"explanation": "Attack limited on finance or reputation"{'affected_entities': [{'customers_affected': '11,000+ (DBS Bank and Bank of '
'China Singapore customers)',
'industry': 'Printing Services / Election Operations',
'location': 'Singapore',
'name': 'Toppan Next Tech (TNT)',
'type': 'Printing Vendor'},
{'customers_affected': 'Part of 11,000+ compromised '
'records',
'industry': 'Financial Services',
'location': 'Singapore',
'name': 'DBS Bank',
'type': 'Bank'},
{'customers_affected': 'Part of 11,000+ compromised '
'records',
'industry': 'Financial Services',
'location': 'Singapore',
'name': 'Bank of China (Singapore Branch)',
'type': 'Bank'},
{'customers_affected': 'None (no voter data shared with '
'TNT for GE2025 yet)',
'industry': 'Public Sector / Elections',
'location': 'Singapore',
'name': 'Elections Department (ELD)',
'type': 'Government Agency'}],
'data_breach': {'number_of_records_exposed': '11,000+',
'personally_identifiable_information': 'Likely (customer '
'records)',
'sensitivity_of_data': 'High (banking customer data)',
'type_of_data_compromised': 'Customer data (likely PII)'},
'date_detected': '2025-04-01',
'date_publicly_disclosed': '2025-04-08',
'description': 'A printing vendor, Toppan Next Tech (TNT), suffered a '
'ransomware attack on April 1, 2025, compromising data of over '
"11,000 customers from DBS Bank and Bank of China's Singapore "
'branch. TNT is also engaged by the Elections Department (ELD) '
'for printing poll cards and ballot papers for GE2025, though '
'ELD confirmed no voter data was shared with TNT yet and no '
'election operations were affected. ELD is monitoring the '
'situation and working with TNT to enhance security measures. '
'The attack was reported to the Personal Data Protection '
'Commission (PDPC) on April 6, with the Cyber Security Agency '
'of Singapore (CSA) assisting in investigations and '
'containment.',
'impact': {'brand_reputation_impact': 'Potential reputational damage to TNT '
'and affected banks',
'data_compromised': 'Customer data of 11,000+ individuals (DBS '
'Bank and Bank of China Singapore)',
'identity_theft_risk': 'Possible (customer data compromised)',
'operational_impact': 'None reported for ELD operations; banking '
'clients affected'},
'initial_access_broker': {'high_value_targets': 'Banking clients (DBS, Bank '
'of China) and '
'election-related data '
'(potential target)'},
'investigation_status': 'Ongoing (CSA assisting TNT with investigations)',
'post_incident_analysis': {'corrective_actions': 'TNT enhancing processes for '
'GE2025; ELD monitoring '
'closely'},
'ransomware': {'data_encryption': 'Likely (standard ransomware operation)'},
'references': [{'source': 'ST PHOTO / KUA CHEE SIONG (via Stomp)'}],
'regulatory_compliance': {'regulatory_notifications': ['Personal Data '
'Protection Commission '
'(PDPC) notified on '
'April 6, 2025']},
'response': {'communication_strategy': 'Media reply by ELD (April 8); PDPC '
'notified (April 6)',
'containment_measures': 'Advised by CSA; TNT enhancing processes '
'for GE2025',
'enhanced_monitoring': 'ELD monitoring TNT closely',
'incident_response_plan_activated': True,
'third_party_assistance': ['Cyber Security Agency of Singapore '
'(CSA)']},
'stakeholder_advisories': 'ELD monitoring situation; CSA advising TNT on '
'containment',
'title': 'Ransomware Attack on Toppan Next Tech (TNT) Affecting Banking '
'Clients and Elections Department Vendor',
'type': 'Ransomware Attack'}