SINGAPORE: The personal data of 5,400 AXA Insurance customers in Singapore was compromised in a cyberattack, according to an email the firm sent to affected customers.
In the email shared with Channel NewsAsia on Thursday (Sep 7), AXA data protection officer Eric Lelyon wrote that the stolen data included the email addresses, mobile numbers, insurance policy numbers and dates of birth of both past and present customers from its Our Health Portal.
No other personal data - such as the name, NRIC number, address, credit card, bank details, health status, claims history or marital status of customers - was stolen, he added.
Mr Lelyon wrote that "no further action" was required from affected customers as the information that was compromised was "not likely to, on its own, expose you to identity theft".
He warned customers, however, to be vigilant against phishing attempts for other personal details that could be linked to the cyber attack.
"In the unlikely event you feel that you may have inadvertently disclosed personal data as a result of a phishing attempt in the last few months, it is possible that this could be connected to this hacking incident, and if so, we urge you to file a police report. We also request that you reach out to us to let us know the details," Mr Lelyon wrote.
The French insurance company is taking the incident "very seriously" and has "taken all remedial actions to secure our Health Portal and to prevent a recurrence", he stated.
The firm has also filed a police report and is working closely with authorities, he added.
"We apologise to all our customers impacted by this incident. We wish to assure our customers that our Health Portal is now secure," said CEO of AXA Singapore, Jean Drouffe in a statement. "A thorough review of our IT systems is underway."
He added that most of the affected customers have been notified and that all remaining affected customers will be informed by Friday.
MAS ORDERS "THOROUGH REVIEW" OF AXA'S IT SECURITY
In response to Channel NewsAsia's queries, a spokesperson from the Monetary Authority of Singapore (MAS) said the authority has asked AXA to "initiate a thorough review of its IT security and to remediate control gaps".
"We understand that AXA has taken steps to address the vulnerability in its Health Portal. MAS takes a serious view of this incident and is investigating the matter," the spokesperson added.