Singapore Income Insurance policyholder data exposed in third-party breach
Learn More
The personal and policy information of at least 146 Income Insurance policyholders in Singapore have been compromised following a ransomware attack on DataPost, an external vendor responsible for printing and mailing documents to the insurer's customers.
Income Insurance was alerted to the security incident on May 25, 2025, after DataPost, which handles document printing and mailing services for the company, fell victim to a ransomware attack.
Preliminary investigations conducted by DataPost revealed that bonus statements for at least 146 Income Insurance policyholders have been compromised. The investigation is ongoing and additional customers may be affected. Exposed data includes
- Names
- Postal addresses
- Policy numbers and plan details
- Annual bonus information for 2024
Income Insurance claims that its own systems remain secure and uncompromised, with no evidence of unauthorized access to any of its digital platforms or internal systems.
Income Insurance suspended all printing jobs with DataPost and implemented additional security measures, including blocking connections to the vendor and reinforcing firewall restrictions. In communications sent to policyholders on May 29, Income Insurance reports that customer policies remain safe and no login information has been compromised.
DataPost acknowledged that its investigation into the attack is in the early stages and stated that it will continue to comply with all regulatory obligations throughout the investigation process.
