Cyber Incident Victim: AXA
Date: Sep 2017
Location: Singapore
Summary
A cyber attack compromised the personal data of approximately 5,400 current and former customers of AXA Insurance's Singapore Health Portal, exposing email addresses, mobile numbers, and dates of birth. The firm confirmed no financial, health, or identity-related information—such as NRIC numbers, addresses, or credit card details—was breached and stated the portal had been secured following the incident. Authorities including the Monetary Authority of Singapore and the Personal Data Protection Commission initiated investigations, while the insurer advised affected individuals to remain vigilant against phishing attempts leveraging the stolen contact details. AXA filed a police report and launched an internal review of its IT systems under regulatory oversight.
Description
On September 7, 2017, AXA Insurance’s Singapore division disclosed a cyber attack compromising the personal data of approximately 5,400 current and former customers through its Health Portal. The breach exposed customers’ email addresses, mobile phone numbers, and dates of birth. AXA confirmed that no other sensitive information—including names, NRIC numbers, addresses, credit card or bank details, health status, claims history, or marital status—was accessed or leaked. The company’s data protection officer, Eric Lelyon, notified affected customers via email and attributed the incident to a cyber attack, but did not specify when the intrusion occurred or when it was detected. AXA Singapore CEO Jean Drouffe publicly apologized, emphasizing the company’s commitment to customer privacy and stating the Health Portal had been secured following the breach. He asserted the stolen data alone would not enable identity theft but advised vigilance against phishing attempts. AXA filed a police report and recommended that customers report any suspicious disclosure of personal data linked to phishing activities in the preceding months, suggesting potential connections to the breach.

The Monetary Authority of Singapore (MAS) directed AXA to conduct a comprehensive review of its IT security and address control gaps, confirming AXA had remediated the Health Portal vulnerability. MAS launched its own investigation, underscoring the seriousness of the incident. Singapore’s Cyber Security Agency (CSA) highlighted the breach as a reminder of cybercriminals’ targeting of customer data repositories, urging organizations to prioritize risk assessments and proactive security measures. The Personal Data Protection Commission (PDPC) also initiated an inquiry, acknowledging AXA’s remediation efforts. Security expert Gavin Chow warned that the exposed data could facilitate phishing campaigns via email, SMS, or WhatsApp, enabling credential theft or malware distribution. He specifically cautioned against using birth dates as passwords, advising immediate changes. AXA’s internal response included launching a thorough IT system review, though the company declined to disclose timelines for the attack or its discovery. No financial losses or health data compromises were reported, but the incident prompted coordinated oversight from Singaporean regulatory bodies.
