Cyber Incident Victim: WhizComms

Date: Apr 2023

Location: Singapore

Summary

An external party breached WhizComms' web server, compromising the personal data of approximately 24,000 customers. The stolen information consisted primarily of scanned images of identity documents, including NRICs, work permits, and visa approval documents. The breach was detected during a database scan, after which the company blocked further unauthorized access and notified affected customers. Contact details, payment information, and broadband installation addresses were not accessed in the incident.


Description

On April 21, 2023, staff of the broadband service provider WhizComms detected a data breach incident while conducting a scan of the customer database. The scan revealed that an external party had gained unauthorized access to the firm's web server. The third party successfully downloaded scanned images containing customers' personal information. Upon discovery of the breach, WhizComms immediately took action to block any further third-party access to the compromised systems, preventing additional data exfiltration. The company also filed a police report regarding the incident, though further details were not disclosed because the investigation was ongoing.

The scope of the incident was significant, affecting approximately 24,000 customers. This figure represented roughly half of WhizComms' entire customer base. The compromised data consisted primarily of scanned images of National Registration Identity Cards (NRICs), which are collected from customers as a mandatory requirement for registering for the broadband service. In addition to the NRICs, some scanned images of work permits and visa approval documents were also downloaded by the unauthorized party. The company conducted a complete investigation into the breach and concluded that no other categories of information were compromised.

According to a company spokesman, the stolen data was limited to the information found on the physical documents themselves. The spokesman explicitly stated that customers' contact information and payment details were not accessed or stolen during the breach. Furthermore, while the scanned images of NRICs contained home addresses, the company noted that these addresses could differ from the actual installation addresses for the broadband service. The actual installation addresses were confirmed to be part of a separate dataset that was not accessed or exfiltrated by the third party.

The notification process for affected customers commenced on May 10, 2023, which was nearly three weeks after the initial detection of the breach on April 21. All affected individuals received a direct email informing them that their personal information had been accessed and downloaded by a third party. The email served to inform customers of the nature of the data that was taken, which was the scanned images of their identity documents. The company's communication outlined the specific types of documents involved but assured customers that more sensitive financial and detailed contact information remained secure.

The impact of the incident was confined to the potential misuse of the information contained on the identity documents. This typically includes details such as full name, date of birth, racial classification, and residential address, as found on an NRIC. The compromise of work permits and visas could expose similar personally identifiable information for foreign nationals. The company's response actions focused on containing the breach by cutting off access and involving law enforcement. There was no public indication that the company offered additional protective services such as credit monitoring, as the stolen data did not include information typically used for financial fraud. The company's public statements emphasized the limited nature of the breach and the steps taken to secure their systems following the unauthorized access.
