DBS Bank and the Bank of China’s Singapore branch have confirmed that customer data was compromised following a ransomware attack on third-party vendor Toppan Next Tech (TNT), a company responsible for printing bank statements. The breach has raised fresh concerns over data security in financial services, particularly in relation to third-party vulnerabilities.
According to DBS, approximately 8,200 customer records were affected, mostly related to DBS Vickers brokerage and Cashline loan accounts. The exposed data included names, postal addresses, and account information related to specific equities and loan positions. The Bank of China reported a smaller but still significant impact, with around 3,000 customers affected. In some cases, loan account numbers were also involved.
Both banks were quick to clarify that their internal systems were not breached and there has been no evidence of unauthorized transactions. Core banking platforms remain secure, and customer funds are intact. Nevertheless, the incident has prompted immediate action. Printing services with TNT have been suspended, while monitoring across affected accounts has been heightened. Affected customers are being notified individually.
The Monetary Authority of Singapore (MAS) and the Cyber Security Agency of Singapore (CSA) are working closely with the banks and the vendor to investigate the source of the attack and implement containment measures. Regulatory authorities are also reviewing vendor risk frameworks to prevent future incidents.
This breach underscores the growing threat landscape facing financial institutions and the critical need to assess cybersecurity risks across entire supply chains. As banks increasingly rely on third-party service providers to deliver operational efficiency, the potential exposure to cyberattacks multiplies. Institutions are under pressure not only to protect their own infrastructure but also to ensure that vendors adhere to robust data security standards.
The incident highlights the importance of continued investment in cybersecurity governance, especially as threat actors target less secure entry points through trusted partners. For banks operating in digitally mature markets like Singapore, the expectation for proactive, end-to-end data protection is higher than ever.
