The banks were instructed not to depend solely on the types of information that had been illegally accessed in the cyberattack to verify customers’ identity. These included full name, national identification number, address, gender, race, and date of birth.
Additional information should be used for verification before banks processed any transaction for the customer, the industry regulator said. These, for example, could include one-time passwords, PIN, and biometrics.
Banks in Singapore already were required to implement two-factor authentication to identify customers at login for access to online services. An additional layer of control also had to be put in place to authorise high-risk transactions, such as opening of beneficial accounts, registration of third-party payee details, and revision of funds transfer limits.
According to Reuters, non-medical personal data of 1.5 million patients who visited SingHealth’s specialist outpatient clinics and polyclinics between May 1, 2015, and July 4, 2018, had been found to be illegally accessed and copied. In addition, outpatient medical data of some 160,000 patients were compromised.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now