
Major Security Flaw: IMDA Launches Investigation into StarHub's Giga e-SIM

2024-12-06

Author: Siti

SINGAPORE

A significant security breach has prompted the Infocomm Media Development Authority (IMDA) to launch an investigation into StarHub's budget-friendly sub-brand, Giga. The inquiry centers on the telco's failure to adequately verify user identities when porting Giga e-SIMs to new devices.

The Straits Times has uncovered that a recent incident involved hackers hijacking a customer’s phone line due to the absence of robust identity verification during the porting process. This breach ultimately allowed the cybercriminals to access sensitive information, including banking SMS One-Time Passwords (OTPs), potentially leading to severe financial repercussions for the victim.

Giga, known for its no-frills mobile services, has come under scrutiny as the IMDA emphasized the necessity of stringent registration procedures during the issuance and transfer of SIM and e-SIM cards. According to an IMDA spokesperson, "StarHub failed to fully implement necessary security measures for the re-issuance of e-SIM through its app, which places users at risk."

Under existing regulations, telecom operators must confirm user identities via reliable methods, including digital ID tools like SingPass, or by manually verifying identification documents such as NRICs or work passes. The importance of such verification is underscored by experts who warn that without it, e-SIMs are vulnerable to hijacking, particularly when attackers capitalize on stolen personal information through phishing attacks or data breaches.

E-SIMs offer a modern alternative to physical SIM cards, allowing users to switch between various mobile plans without the hassle of obtaining new physical cards. Their rising popularity among consumers is driven by convenience; however, this latest incident raises significant concerns about user security.

Earlier this year, a similar case highlighted vulnerabilities in the industry when a fraudster successfully impersonated a customer of Circles.Life, leading to the takeover of their mobile line and access to their WhatsApp account and various e-wallets.

In a bid to reassure customers, a spokesperson for Giga stated: "Our customers’ security and privacy are top priorities for us. We are actively engaging with the IMDA and are working closely to address this matter." Additionally, the spokesperson revealed that Giga has since implemented two-factor authentication (2FA) on its app, aligning with industry best practices to bolster user security.

As e-SIM adoption grows, industry experts urge consumers to practice rigorous cyber hygiene. "Users should never use the same password across different accounts and must stay vigilant in protecting their personal information," recommended the IMDA spokesperson.

This incident serves as a stark reminder of the critical importance of identity verification in digital transactions, especially as cyber threats continue to evolve. The investigation by the IMDA will likely lead to more stringent regulations within the local telecom industry, ensuring that consumer safety remains a top priority. Stay tuned for updates as the investigation unfolds!