StarHub under probe for Giga e-SIM security breach; hackers tapped one user’s phone to access banking info

SINGAPORE, Dec 7 — The Infocomm Media Development Authority (IMDA) is investigating telco giant StarHub for failing to verify the identity of users requesting to port their Giga e-SIMs, Singapore’s mainstream newspaper reported.

The lapse in security allowed hackers to take control of at least one customer’s phone line, gaining access to sensitive information, including banking SMS One Time Passwords, according to The Straits Times.

Giga is StarHub’s budget sub-brand offering e-SIMs as a convenient alternative to physical SIM cards.

IMDA confirmed that StarHub did not fully implement necessary identity verification measures when re-issuing e-SIMs via its app, which is now under investigation.

The newspaper cited an unnamed IMDA official saying that mobile operators must verify user identities using Singpass or photo IDs when issuing or porting both SIM and e-SIMs.

Experts warned that without proper verification, e-SIMs can be easily hijacked if hackers access personal details through phishing or leaked databases.

e-SIMs, which are remotely loaded onto devices, are becoming increasingly popular due to their convenience, allowing users to avoid physical SIM cards.

The Straits Times reported an unnamed Giga spokesman said that customer security and privacy are top priorities, and the company is working closely with IMDA on the matter.

IMDA further noted that best practices include implementing two-factor authentication for telco apps like Giga, which has since been applied.

Consumers are also encouraged to adopt strong cybersecurity practices, such as using unique passwords for different accounts to safeguard their personal information.