A cyber attack on AXA Insurance’s health portal has left 5,400 past and present policyholders in Singapore vulnerable.
According to the life insurance firm, the attackers stole personal data of policyholders, including their e-mail address, mobile number and date of birth.
Aside from these, no other personal data was leaked.
When contacted, AXA Singapore CEO Jean Drouffe told The Straits Times that the portal “is now secure” and that the stolen information is unlikely to expose customers to identity theft.
Nonetheless, victims are still at risk of being exposed to phishing, which is most commonly done via e-mail.
Bill Taylor-Mountford, the vice president of security intelligence company LogRhythm in Asia Pacific and Japan, says that says the attack shows cyber attackers “will go after any (industry)”.
Victims of the breach should change their e-mail passwords as soon as possible, and be extra vigilant with mobile calls “as they could likely be targets of phishing attacks”.
“While they did not manage to steal any information on health status, one can easily see the value in going after an insurance institution due to the sensitive data they hold,” he said.
In its report, The Straits Times said that AXA had sent out an e-mail to most of the affected customers on Thursday (Sept 7), and will notify remaining customers by Friday.
The e-mail quoted data protection officer Eric Lelyon as saying: “We wish to inform you that because of a recent cyber attack, personal data belonging to about 5,400 of our customers, past and present, on our Health Portal was compromised.”
AXA has filed a police report, and investigations are ongoing.