DBS, Bank of China Singapore customers' data extracted after printing vendor hit by ransomware attack

SINGAPORE: A ransomware attack on a printing vendor has led to the extraction of customer information from DBS and Bank of China, Singapore. 

The attack was reported by Toppan Next Tech (TNT) to the Personal Data Protection Commission on Sunday evening (Apr 6), the Cyber Security Agency of Singapore (CSA) and the Monetary Authority of Singapore (MAS) said on Monday.

"The attack has led to customer information from DBS Bank and Bank of China Limited, Singapore branch, being extracted by the threat actor. No customer log-in information has been compromised," said the authorities.

DBS said that it was informed by TNT of the incident at about 10.20pm on Saturday. 

"Based on preliminary investigations, customer statements/letters of about 8,200 DBS customers have been potentially compromised. The majority of these statements/letters relate to DBS Vickers accounts.

"The remainder is made up of mainly Cashline loan accounts. Investigations into the incident are ongoing," said DBS, adding that its systems were not compromised. 

"Customers' deposits and monies remain safe. So far, there is also no evidence of any unauthorised DBS transactions resulting from the incident."

The bank said TNT's preliminary review indicated that the potentially compromised statements and letters were those largely sent to individual customers. They were dated December 2024, January 2025 and February 2025.

DBS said that it sends customer statements and letters to TNT for printing in encrypted files.

"As investigations are still ongoing, it is not known if the threat actor was able to decrypt the files.

"Customer data in the statements/letters that could have potentially been compromised include first and last name, postal address, as well as details relating to equities held under DBS Vickers and Cashline loans," it said, noting that the documents do not contain login credentials, passwords, NRIC details, deposit balances or total wealth holdings.

While the incident did not occur within DBS’ systems, the bank said it takes the matter seriously and is contacting potentially affected customers.

Impacted customers who have registered their email addresses with the bank will be informed by Tuesday.

Where DBS does not have the customer’s email details, the customer will be informed by physical mail.

Upon being notified of the incident, DBS immediately halted all printing jobs with TNT.

DBS Singapore's country head Lim Him Chuan said the confidentiality of customers’ personal information was of “paramount importance” and that the bank understood the seriousness of the situation. 

“To protect customers, we have halted all printing jobs with TNT and ramped up surveillance to monitor any unusual activity on potentially impacted accounts. We are sorry for the anxiety caused.” 

CSA is aiding TNT in its investigations and is advising it on containment measures. 

MAS is in “close engagement” with the affected banks on their risk mitigating measures and follow-up with customers. 

“The impacted banks have placed the relevant accounts on enhanced monitoring, and are contacting affected customers as a matter of priority,” said CSA and MAS. 

As ransomware threats are increasing in frequency and sophistication, CSA advised organisations to refer to the agency’s advisory for prevention and mitigation measures.

SCAMS

The bank reminded customers to remain vigilant against scams, including phishing scams via email and SMS.

Scammers could also impersonate trusted individuals, such as bank representatives and government officials, to trick customers into disclosing personal or banking credentials.

Customers are advised not to respond to any unsolicited physical letters, emails or SMSes containing links or QR codes that claim to be from the bank.

They should also never disclose personal or banking credentials to anyone, including one-time passwords (OTPs), digital token requests and credit/debit card details. 

DBS customers who suspect that they may have fallen prey to a scam can call the bank’s fraud hotline at 1800-339-6963 from Singapore or +65 63396963 from overseas.

They can also activate the bank's Safety Switch feature to temporarily block access to their funds. Impacted customers are also urged to lodge a fraud report with the Singapore Police Force.