Incident Update

Unauthorised Access to Single Email Account Due to Isolated Phishing Incident

 

No customer database compromised

Progressively combing through the compromised email account and reaching out to affected individuals

 

SINGAPORE, 9 April 2021

On 17 March 2021, Certis was alerted to an incident where several individuals had received phishing emails from a single email account. These emails appeared to be from Certis and were sent between 16 and 17 March 2021. Our IT team immediately conducted an investigation, and we were able to conclude that this is an isolated incident. The phishing emails did not originate from our customer service email account on Microsoft Office365 cloud, and no customer database had been compromised. We take such incidents seriously, and intensified our investigations.

Investigations later revealed that these emails are potentially part of a wider phishing attack targeting Microsoft Office365 cloud email accounts. During the same period of time when the phishing emails were sent, there was unauthorised access into the same customer service email account. Our IT team took urgent steps to strengthen our authentication processes and scanned affected computers. No further unauthorised access has been detected.

External cyber security experts were called in to investigate the nature of the incident and assess the impact on affected individuals. Concurrently, we began the process of examining approximately 62,000 emails in the affected account for personal data that may have been exposed. Our customer databases have not been compromised, and thus far, about 1.2% of the emails contain personal information such as NRIC and credit card numbers. The extensive process of examining all the emails for personal data is still ongoing. As a precaution, we are progressively alerting all affected individuals who may potentially be at risk.

Our commitment to affected individuals

Mr Ronald Poon, Chief Executive for Singapore, Certis said, “We sincerely apologise to all who may be impacted by this incident, and for any inconvenience and distress caused. We are making every effort to reach out to the affected individuals. And we want to ensure that we support them in every way we can. Our email system will undergo further reviews to mitigate vulnerabilities and enhance the protection of our data, and that of our customers. I would like to assure all our customers that this is an isolated phishing incident linked to a single email account. We can affirm that none of our customer databases were compromised. Our operations remain secure and unaffected.”

As an added measure, Certis has engaged the services of a reputable identity theft monitoring provider. The service is offered to affected individuals at no cost to them. This helps alert them upon detection of any potential misuse of their personal data.

We have also established a dedicated email to support affected individuals with their queries at ITinvestigation@certisgroup.com. Alternatively, they may call us at 6747 2888.

 

 

Frequently Asked Questions

General

Certis detected phishing emails that appeared to originate from our customer service account, sent between 16 and 17 March 2021. An investigation was launched immediately and confirmed that they did not originate from our customer service email account on Microsoft Office365 cloud. During the same period of time when the phishing emails were sent, there was unauthorised access into the same account. The incident is suspected to be part of a wider phishing campaign targeting email accounts in Microsoft Office365 cloud.

 

It is also established that this is an isolated incident affecting the specific customer service email account, and none of our customer databases have been compromised. We are examining approximately 62,000 emails in the affected account for personal data that may have been exposed. This extensive process is still ongoing.

 

We have also commenced reaching out to these affected individuals to support them and provide advice on how best to manage the risks involved. As an added measure, Certis has engaged the services of a reputable identity theft monitoring provider. The service is offered to affected individuals at no cost to them.

We worked with the utmost urgency to ascertain the nature and extent of data that has been exposed and accessed. Upon detection of a potential phishing incident, the matter was reported to our IT team for assessment immediately. Our IT team took urgent steps to strengthen the authentication processes and scanned affected computers. No further unauthorised access has been detected. We have also appointed external cyber security experts to investigate the nature of the incident and assess the impact on affected individuals.


All affected individuals who have sent emails with personal data are being identified. We have commenced reaching out to these affected individuals to support them and provide advice on how best to manage the potential risks involved.

 

As an added measure, Certis has engaged the services of a reputable identity theft monitoring provider. The 12-month subscription service is offered to affected individuals at no cost to them.

There are 62,000 emails in the affected email account. Initial scans show that about 1.2% of the emails contain personal information such as NRIC and credit card numbers. We are examining every email correspondence in the affected mailbox to sift out only affected individuals, corporate organisations and customers who may have sent emails containing personal data.

This is an isolated incident specific to the customer service email account on Microsoft Office365 cloud. None of our customer databases have been compromised.

Given the complexity of the investigations, it has taken time to investigate the nature of the incident and assess the impact on affected individuals. We are alerting those who may potentially be at risk and will address their concerns. And we will be in contact with the relevant representatives from affected organisations.

We are doing our utmost to notify all affected individuals as quickly as we can. If you have emailed us at customerservice@certisgroup.com with your personal data before 17 March 2021, please contact us immediately.


For your peace of mind, you may wish to engage IdentityForce to help you monitor any potential misuse of your information. This optional service is available at no cost to you. If you are an affected individual and wish to sign up for this service, please email ITinvestigation@certisgroup.com or call us at 6747 2888 (Mon-Thu 8.30am-5.30pm, Fri 8.30am-5pm, Sat 8.30am-12.30pm). Press ‘9’ when prompted for ‘PDPA Matters’ to speak to our dedicated customer service agent.

If you suspect that you have been a victim of a cyber crime or identity theft, you should make a police report.

Personal data that has been exposed is limited to information provided in email correspondence with the customerservice@certisgroup.com account. If you are an affected individual, you will receive an email notification from us. We will specify the types of personal data that may have been exposed. You will be advised on the potential risks and what you should do.

The customerservice@certisgroup.com email account has been thoroughly scanned for any potential threat. Our IT team took urgent steps to strengthen our authentication processes and scanned affected computers. No further unauthorised access has been detected.


It is safe to send or receive emails from this account. We have also thoroughly checked all our servers and customer databases as an added precaution.

If you have suffered loss or damage as a result of this incident, and in spite of the recommended steps to eliminate or mitigate the potential harm of the incident, please consider seeking professional legal advice on your rights and remedies. We respect your legal rights and will render our cooperation in the process while assessing every case individually.

Our authentication processes have been strengthened. Access control management is also heightened, with increased frequency of password change and implementation of 2-Factor Authentication (2-FA). We are working closely with our cyber security partners to implement more measures to mitigate future potential risks of such incidents reoccurring.


We will reinforce our cyber security training efforts for all our employees. They are required to complete mandatory cyber security training annually, including a module on how to identify phishing emails. 

IdentityForce - Identity Theft Monitoring Service

We have engaged an identity theft monitoring service provider, IdentityForce, to assist affected individuals with this data breach incident.  IdentityForce provides identity theft protection which includes internet and social media account monitoring for personal data breach.  This helps alert them upon detection of any potential misuse of their personal data.

Please note that this would be an opt-in service for affected individuals. As this is a complimentary service, you do not have to provide any payment information at sign-up and the identity monitoring service will be automatically terminated at the end of the 12-month term.  Our customer service officers will not be contacting you to see if you want to set up the service. If you are contacted by any caller claiming to be from Certis or IdentityForce offering you identity monitoring services, please hang up immediately. This is a scam call. Do not provide any details to callers soliciting your information for this purpose.

Safe Deposit Box

Personal data that has been exposed is limited to information provided in email correspondence with the customerservice@certisgroup.com email account. Our safe deposit box database and customer information have not been compromised, and remain intact and secure.

 

Access to safe deposit boxes will require photo ID verification and dual-key access at the facilities. You can rest assured that all security systems and checks for our safe deposit box services are in place to prevent any unauthorised access to your safe deposit box.

Our safe deposit box database and customer information have not been compromised, and remain intact and secure.

Personal data that has been exposed is limited to information that you may have provided in email correspondence with the affected email account.

This is an isolated incident limited to the email correspondence in the affected email account. Our operations, as well as safe deposit box database and customer information, are not affected by this incident and remain intact and secure.

Safe deposit box customers can reach us at 6555 5000 or via email info@certisgroup.com for further assistance.
