Singtel, the Singapore-based telecom conglomerate, is the owner of Dialog. The company also owns Optus, the second-largest telecommunications company in Australia, which suffered a high-profile cybersecurity breach in September. Unfortunately, Singtel’s cybersecurity woes continue to pile up, as it confirmed last week that a dark web forum contained company data from a 2020 incident. In a statement, Singtel said that Dialog’s systems are completely independent of its own, as well as those of its companies Optus and NCS. “There is no evidence there is any link between this incident and the recent event experienced by Optus,” the statement adds.
Details of the Dialog Data Breach
Dialog Group is one of Australia’s leading IT services companies, employing over 1,200 IT specialists across seven cities. Dialog first detected unauthorized third-party access to its servers on Sept. 10. Consequently, it shut down the affected servers as a precaution. These servers were restored and functional within two business days. “We contracted a leading cyber security specialist to work with our IT team to undertake a deep forensic investigation and continuous monitoring of the Dark Web,” Dialog stated. “Our ongoing investigations showed no evidence of unauthorised downloading of data.” However, on Oct. 7, the company learned that a “very small sample” of its data was available on the dark web. Following this discovery, Dialog reached out to anyone potentially affected to provide information, support, and advice. The company has also notified the relevant authorities about the incident.
Cyber Incidents Continue to Mount for Singtel
Dialog joins Optus on the list of Singtel-owned companies to suffer cyberattacks in the last few weeks. Earlier last week, Singtel confirmed that a dark web forum did, in fact, contain company data from a 2020 data breach. In that instance, a third-party vendor’s file transfer application called Accellion FTA was the source of the cyberattack. Hackers exploited a zero-day vulnerability in Accellion FTA to illegally access Singtel’s data. Singtel learned about the illegal access in February 2021 and ceased the use of the application. However, the incident exposed the personal information of 129,000 customers and 23 businesses. The exposed information included “National Registration Identity care information, name, date of birth, mobile numbers and addresses.” Some former employees had their bank account details exposed, while 45 employees of a corporate client had their credit card information leaked. Singtel informed those affected by the incident at the time. However, reports claim that the post on the dark web forum is the first time the data was made public. The slew of incidents also appears to have affected Singtel’s shares, which were down 1.6%, as of 0315 GMT. If you found this story interesting, we recommend checking out our resources on the dark web. Contrary to popular belief, the dark web is not just a place for illegal activities. It can be a useful way for people at-risk, like journalists or activists, to communicate safely.
