A ransomware attack on Abecha, the company managing Singapore’s Esso Corporate Fleet Discount Programme, may have compromised sensitive credit card information of its customers. Abecha discovered the breach on August 13 and notified affected customers on August 28. According to the company, the hackers may have accessed customers’ credit card numbers and expiration dates, but other personal information, such as names, addresses, and contact details, appears to have remained secure.
In light of the breach, Abecha advised customers to review their credit card statements for any unauthorized or suspicious transactions. They also encouraged prompt reporting of any unusual activity to prevent potential misuse. An Abecha representative stated that there was no indication that any data had been taken by unauthorized parties. The company assured customers that their transactions were secure, and normal business operations were continuing.
The Esso Corporate Fleet Discount Programme, a collaboration with ExxonMobil, has been in operation since 2003 and currently serves more than 18,000 corporate clients.
The programme provides fuel discounts to corporate employees and is one of Abecha’s key offerings, alongside other corporate programmes with Citibank and DBS Bank.
Following the attack, Abecha quickly shut down the affected servers and hired data protection and cybersecurity specialists to investigate the breach and recommend additional security protocols. The company also filed a police report and informed the Personal Data Protection Commission Singapore (PDPC), which is now investigating the incident.
Despite assurances from Abecha, some customers have expressed concern.
Alson Tang, a public relations professional, voiced his anxiety since he had provided his bank account number when signing up for the discount programme. “Fuel prices are high, and the discount is appealing, but my trust in the organization has been somewhat shaken,” Tang said.
Davidson Chua, co-founder of the car-selling aggregator platform Telequotes, called the news “alarming.” While he had not detected any suspicious activity on his credit card, he noted that he might not have checked had he not learned of the breach. “If I hadn’t heard about this, I wouldn’t have checked my credit card transactions, and something could have happened, especially since I don’t use the Abecha Esso fleet card regularly,” Chua said, indicating he would likely cancel his card.
This incident highlights the importance of stringent cybersecurity measures for companies handling sensitive financial data. The PDPC’s investigation may provide further insights into the breach and any potential regulatory consequences for Abecha.