The name Accellion has been frequently mentioned in data breach news - an ironic reputation for a company that develops secure file sharing solutions.
Singtel, Singapore's multinational telecommunications conglomerate, is another victim of the Accellion data breach that occurred on December 23.
Singtel announced its impact in a public statement.
“Singtel has been informed by a third-party vendor Accellion that its file-sharing system called FTA has been illegally attacked by unidentified hackers.” Singtel said in its statement.
This incident is part of a wider supply chain attack. Other potential victims include ASIC, Allens, and the New Zealand Central Bank.
Investigations are ongoing, but Singtel already suspects that sensitive customer information was compromised.
“We are currently conducting an impact assessment with the utmost urgency to ascertain the nature and extent of data that has been potentially accessed. Customer information may have been compromised.”
Supply chain attacks are becoming popular because they make the life of a cyber attacker much easier. Third-party vendors need access to sensitive data in order to integrate with internal systems. Because each vendor stores sensitive data for all of its users, a hacker needs to only compromise a single vendor to impact multiple victims, rather than targeting each victim individually.
Accellion has said that they have now patched all vulnerabilities, but this is little consolidation to the many victims that need to recover from this breach. Had the data leaks exposing Accellion been identified earlier, this pernicious domino effect may have been avoided.