Bank of China and DBS confirm data breach through compromised printing partner


A ransomware attack on a printing vendor has affected DBS and Bank of China – two major banks in Asia. Thousands of customers are exposed.

A recent ransomware attack on Toppan Next Tech (TNT), a printing service provider, hit the two banking giants.

DBS, headquartered in Singapore, and the Bank of China send encrypted customer statements and letters to TNT for printing. While the banks’ systems were not breached, an attack on the third-party vendor left the banks’ customers exposed.

DBS, one of Asia's most prominent banks, has confirmed that a ransomware attack on its printing vendor has led to the leakage of 8,200 customer statements.

Meanwhile, the Bank of China issued a notice that 3,000 customers, whose paper letters were printed and distributed by TNT, were affected.

While the breach didn’t expose any login details, account balances, or wealth holdings, the incident is still enough to rattle customers.

DBS stated that the compromised files are mostly related to DBS Vickers accounts and Cashline loans. While personal details like names, addresses, and equity holdings may have been exposed, customers can rest easy knowing sensitive data like passwords, NRIC numbers, or deposit balances weren't part of the breach.

TNT's initial review shows the affected DBS statements were mainly from December 2024 through February 2025. While the compromised vendor’s systems were left wide open, DBS insisted that its own infrastructure remains secure.

“Customers' deposits and funds are unaffected,” the bank reassured, adding that there is no evidence any unauthorized transactions have taken place.

The bank has immediately stopped all printing jobs with TNT and ramped up monitoring to keep an eye on any unusual account activity.

"The confidentiality of our customers’ personal information is of paramount importance to us, and we understand the seriousness of the situation," says DBS Singapore’s Country Head, Lim Him Chuan.

DBS states that investigations are still ongoing, and it's unclear whether the cybercriminals managed to decrypt the stolen files.

The Bank of China stated that customer names, addresses, and, in some cases, the loan account numbers of their customers were exposed.

“Your accounts remain secure and fully operational,” writes the Bank of China in a statement.

How to stay safe?

  • Don’t engage with any unsolicited letters, emails, or SMSs that include suspicious links or QR codes claiming to be from the bank. Remember, no bank will ever send clickable links via SMS.
  • Never share your personal or banking credentials – DBS staff will never ask for sensitive info, including OTPs or credit card numbers.
  • Always verify any strange claims about your bank account. If it’s from DBS, check directly with them.
  • Review your recent account activity and credit card statements to spot any unauthorized transactions.

The DBS leak is a brutal reminder that even the most trusted vendors can crumble, becoming a weak link that puts your entire security at risk. Relying on third-party providers for critical services is a gamble you might not always win.

Let’s not forget that cybercriminals are increasingly targeting business service providers. These targets are often easier to crack, but they’re more than just low-hanging fruit – they’re the golden ticket into the networks of bigger fish, the real prize.

Our own research proves it. In 2024, Cybernews uncovered a leak at Nearsoft, a player in digital banking and e-government, that exposed sensitive data belonging to Banco Portugues de Gestao.

Then there’s the OCR Labs disaster of 2023. A single screw-up in their system's settings spilled the private data of six major financial institutions: QBANK, Defence Bank, Bloom Money, Admiral Money, MA Money, and Reed.
