The personal information of around 5,400 present and former customers of AXA insurance, company of French Life Insurance, in Singapore got stolen in one cyber attack, spamfighter.com writes.
Eric Lelyon, the data protection officer, said in an email that the attack on their Health Portal happened recently, without mentioning the date. The firm has sent one email to the customers who were affected on 8th September, informing them about data breach, which compromised information like date of birth, mobile number, email address, and health policy number.
One police report has been filed by the firm. Jean Drouffe, CEO of AXA Singapore, apologized to all affected customers, and stressed that their company "takes customer privacy very seriously". Todayonline.com posted on September 8th, 2017, stating that "thorough review" of information technology systems of the company is under process.
The company also noted that hackers possibly could attempt to phish more information from customers, and thus requested them of getting more careful against such type of attempts.
The news breaks days after insurance company has decided of cutting 250 jobs from their department of IT in Hong Kong. Reuters reported that this cut was a part of the restructuring programme, trying to reduce the cost of the company. Asia IT operations of AXA are presently managed completely outside of Hong Kong, however Reuters has seen an internal memo according to which AXA will form 2 new centers of IT in Kuala Lumpur and Manila. Both centers together have staff of 410 people - 110 in the Kuala Lumpur and 300 in the Manila by next year end.
MAS (Monetary Authority of Singapore) spokesperson said in response to the queries of Channel NewsAsia that, authority asked AXA to "initiate a thorough review of its IT security and to remediate control gaps". He further added that they understand AXA has taken the steps for addressing vulnerability in their Health Portal. They now have ensured their customers that the health portal is now secured.
The spokesperson further added that MAS is taking up this incident very seriously, and are investigating this matter. The PDPC (Personal Data Protection Commission) told Channel NewsAsia that it knew about the incident of AXA, and thus investigating reported breach of data.