The Singapore servers of a Fullerton Health services vendor were hacked in early October. Following the breach, the sensitive data of 400,000 people, as well as insurance policy details, went for sale on October 11 for $600 in Bitcoin. The data sale post was taken down on October 22, but it’s not known why.
The unidentified actors have shared a sample document showcasing the data they are selling. It included customer names, ID numbers, bank accounts, employers and medical history, and data about clients’ children. Another sample document had the Fullerton Health and Singapore Airlines letterheads.
Even though the actors were not identified, they
seem to specialize in stealing data from e-commerce and healthcare organizations and are currently active across many nations.
On October 19, Fullerton Health informed its vendor, Agape Connecting People, of the breach. Agape officials said the breach was isolated and the compromised servers were immediately taken down upon discovery, stating that no credit card or password information was exposed. They have also informed Singapore’s Personal Data Protection Commission and are working with cyber-security experts to prevent future breaches.
