Cybersecurity News in Asia

Features
- Featured
  
  Editor's pick: Cybersecurity trends in 2026
  
  Wednesday, January 7, 2026, 10:36 AM Asia/Singapore | Cyberthreat Landscape, Features
- Featured
  
  Exploding identity fraud and deepfakes challenge manual oversight of autonomous AI
  
  Tuesday, December 30, 2025, 9:27 AM Asia/Singapore | Features, Newsletter
- Featured
  
  Amid rapid digitalization and lagging cybersecurity oversight, India buckles up
  
  Monday, December 22, 2025, 4:50 AM Asia/Singapore | Features
Opinions
Tips
Whitepapers
Awards 2025
Directory
E-Learning

Supply chain weakness sparks explosive data breach in Singapore

By CybersecAsia editors | Monday, April 14, 2025, 1:11 PM Asia/Singapore

When a tech-savvy, security-oriented supplier faltered in a ransomware incident, it dragged down two of its highly regulated clients with it.

On 6 April 2025, a supplier to DBS Bank and Bank of China Limited in Singapore had reported a ransomware attack to the Personal Data Protection Commission.

As a supplier of printed materials to the two firms, Toppan Next Tech (TNT) had access to DBS Vickers and Cashline customers’ postal addresses and details of their trading and other activities. The latter firm has declared that the personal data of around 8,200 clients had been compromised due to their supplier’s ransomware attack.

In the case of Bank of China, the personal details of around 3,000 customers had been stolen due to the data being used by their supplier to print paper letters.

Both banks have declared that customer monies remain safe, as there is no evidence of unauthorized transactions resulting from the theft of the data. However, the Cyber Security Agency of Singapore (CSA) has placed the banks on enhanced monitoring.

According to Gareth Russell, Field Chief Technology Officer (Security, APAC), Commvault, “the security of an organization is only as strong as its weakest link” — in this case, supply chain risks. “Third-party vendors can pose significant risks, and it is essential to manage these risks proactively. Organizations need to adopt an ‘assume breach’ mindset, adopting tighter controls around data sharing, regular testing of recovery plans across all environments, and a shift from purely preventive strategies to ones focused on recovery and continuity. By understanding and managing third-party risks, organizations can enhance their overall cyber resilience and protect their customers’ data.”

On its website TNT is said to use AI, automation and robotics to “build a safer and secure future”. Its general manager, Terence Ng, has held key roles in FireEye, Dell, HPE, Sun Microsystems, and Singapore Computer Systems. He cites TNT being a “partner of choice for Singapore and foreign governments, financial institutions, and organizations, whom they trust to handle specialized integrated security projects.”