Cyber Incident Victim: Income Insurance

On May 25, Income Insurance was alerted to a ransomware attack on external vendor DataPost, which handles printing and mailing of documents. The attack was discovered by Income after being notified. Preliminary investigations by DataPost indicated that bonus statements of at least 146 policyholders were compromised, containing names, postal addresses, policy numbers and plans, and 2024 annual bonus amounts. Income stated that its own systems remained secure and showed no evidence of unauthorized access to its digital platforms.

Upon learning of the incident, Income immediately suspended all printing jobs with DataPost, blocked connections to the vendor, and reinforced firewall restrictions. The insurer placed itself on heightened alert to monitor for suspicious or unusual account activity and began contacting customers who were or may be affected. Income also sent emails to affected policyholders assuring them that their policies were safe and that no login information had been compromised, while providing advice on protecting against phishing attempts.

The compromised data included personal and policy information for at least 146 individuals, though Income noted that investigations were ongoing and more customers could be affected. DataPost reported that its investigation was in the early stages and that it would continue to comply with regulatory obligations. The Personal Data Protection Commission Singapore confirmed awareness of the cyber attack and opened an investigation. Income, with approximately two million customers according to the National Trades Union Congress, reiterated that its internal systems were not compromised.