Statement by MinLaw on a Data Breach Involving the System of a Third-Party IT Vendor Engaged by Licensed Moneylenders

25 JUL 2024

25 July 2024 Posted in Replies

  1. The Ministry of Law (MinLaw) has confirmed a data breach involving borrower data of 12 licensed moneylenders1 (LMLs) using the services of Ezynetic Pte Ltd (Ezynetic), a third-party IT vendor they engaged.
  1. Ezynetic’s system, which is not hosted on or linked to the Government’s network, was accessed by a malicious actor and data was leaked. The data contains personal identifiable information belonging to an estimated 128,000 clients of the 12 LMLs. Data of the remaining 8 LMLs who use Ezynetic’s services was not affected.
  1. The 12 LMLs and Ezynetic have made reports to the Police, the Cyber Security Agency of Singapore (CSA) and the Personal Data Protection Commission (PDPC). The LMLs have also begun notifying their borrowers of the breach and have reminded them to stay vigilant against possible phishing scams.
  1. As a containment measure, Credit Bureau (Singapore) Pte Ltd (CBS), which is the designated credit bureau that operates the Moneylenders Credit Bureau (MLCB) platform2, has restricted access to the platform for all 20 LMLs served by Ezynetic. MLCB’s online functions remain fully available to the other 133 LMLs in Singapore. Borrowers with queries may reach out to their respective LMLs for more information.
  1. MinLaw as regulator of LMLs takes a serious view of the data breach. The LMLs have a duty to protect any information in its possession or control. This includes information residing on their third party vendor systems.
  1. MinLaw is investigating the matter with CSA and PDPC. MinLaw is also in close contact with CBS to support affected LMLs’ business recovery efforts.

1. The 12 LMLs whose data was compromised are: (1) Ban King Credit (S) Pte Ltd, (2) Credit 21 Pte Ltd, (3) Lending Bee Pte Ltd, (4) Katong Credit Pte Ltd, (5) Credit Thirty3 Pte Ltd, (6) GS Credit Pte Ltd, (7) 1AP Capital Pte Ltd, (8) Creditmaster Pte Ltd, (9) BST Credit Pte Ltd, (10) U Credit (Pte) Ltd, (11) Horison Credit Pte Ltd, and (12) Credit Matters Pte Ltd.

2. MLCB is a central repository of data on borrowers’ loans and repayment records with all LMLs in Singapore. It allows LMLs to assess the creditworthiness of borrowers and make informed decisions when granting loan applications.

MINISTRY OF LAW
25 JULY 2024

Last updated on 25 July 2024