The Singapore division of life insurance firm AXA Insurance has reportedly suffered a data breach, after hackers stole roughly 5,400 customers’ personal information from its Health Portal.
Numerous news outlets, including Singapore’s own The Straits Times, have reported that customers’ email addresses, mobile phone numbers, and birth dates were exposed in the breach, but not health and claims details or financial information.
The global insurance giant sent out an e-mail to affected customers today notifying them of the data breach.
In the e-mail, AXA’s data protection officer Eric Lelyon said: “We wish to inform you that because of a recent cyber attack, personal data belonging to about 5,400 of our customers, past and present, on our Health Portal was compromised.”
The details that were stolen included e-mail addresses, mobile numbers and date of births, but AXA claimed that no other personal data, including name, address, credit card or bank details, health status, claims history or marital status were exposed.
The insurer said that no other personal data including name, NRIC number, address, credit card or bank details, health status, claims history or marital status was exposed.
AXA made a police report, and advised customers to do the same if they had inadvertently disclosed personal data as a result of phishing attempts in the last few months as it could be connected to the AXA hacking incident.
The Monetary Authority of Singapore (MAS) has asked AXA to initiate a thorough review of its IT security and to remediate control gaps.
Singapore Cyber Security Agency (CSA) said the incident is a reminder that companies that collect and hold customer data are an attractive target for cyber criminals.
“Hence, companies need to make the appropriate risk assessment, prioritise cybersecurity and adopt proactive measures to better protect themselves against cyber attacks,” a spokesman said on Thursday.
“We apologise to all our customers impacted by this incident. We wish to assure our customers that our Health Portal is now secure,” said CEO of AXA Singapore, Jean Drouffe in a statement. “A thorough review of our IT systems is underway.”
It has not been revealed when the breach took place. The Monetary Authority of Singapore is reportedly investigating the incident.