When a tech-savvy, security-oriented supplier faltered in a ransomware incident, it dragged down two of its highly regulated clients with it.
On 6 April 2025, a supplier to DBS Bank and Bank of China Limited in Singapore had reported a ransomware attack to the Personal Data Protection Commission.
As a supplier of printed materials to the two firms, Toppan Next Tech (TNT) had access to DBS Vickers and Cashline customers’ postal addresses and details of their trading and other activities. The latter firm has declared that the personal data of around 8,200 clients had been compromised due to their supplier’s ransomware attack.
In the case of Bank of China, the personal details of around 3,000 customers had been stolen due to the data being used by their supplier to print paper letters.
Both banks have declared that customer monies remain safe, as there is no evidence of unauthorized transactions resulting from the theft of the data. However, the Cyber Security Agency of Singapore (CSA) has placed the banks on enhanced monitoring.
According to Gareth Russell, Field Chief Technology Officer (Security, APAC), Commvault, “the security of an organization is only as strong as its weakest link” — in this case, supply chain risks. “Third-party vendors can pose significant risks, and it is essential to manage these risks proactively. Organizations need to adopt an ‘assume breach’ mindset, adopting tighter controls around data sharing, regular testing of recovery plans across all environments, and a shift from purely preventive strategies to ones focused on recovery and continuity. By understanding and managing third-party risks, organizations can enhance their overall cyber resilience and protect their customers’ data.”
On its website TNT is said to use AI, automation and robotics to “build a safer and secure future”. Its general manager, Terence Ng, has held key roles in FireEye, Dell, HPE, Sun Microsystems, and Singapore Computer Systems. He cites TNT being a “partner of choice for Singapore and foreign governments, financial institutions, and organizations, whom they trust to handle specialized integrated security projects.”