{
	"id": "00d2e9be-00ab-48ca-b4bf-29b5df59a937",
	"created_at": "2026-04-06T00:10:07.592983Z",
	"updated_at": "2026-04-10T13:12:54.270047Z",
	"deleted_at": null,
	"sha1_hash": "e0328d5c6b0eb2f6e1cee7e051b6d5912b39528d",
	"title": "Singtel, QIMR Berghofer report Accellion-related data breaches",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 3219669,
	"plain_text": "Singtel, QIMR Berghofer report Accellion-related data breaches\r\nBy Lawrence Abrams\r\nPublished: 2021-02-11 · Archived: 2026-04-05 15:13:05 UTC\r\nSingtel and the QIMR Berghofer Medical Research Institute are the latest companies to disclose data breaches caused by a\r\nvulnerability in the Accellion FTA secure file transfer software.\r\nAccellion is a developer of secure file transfer products that allow organizations to transfer sensitive files with people\r\noutside of their organization.\r\nIn mid-December, Accellion announced that they became aware of an actively exploited zero-day vulnerability in their FTA\r\nsecure file transfer product that allowed threat actors to access customers' data.\r\nhttps://www.bleepingcomputer.com/news/security/singtel-qimr-berghofer-report-accellion-related-data-breaches/\r\nPage 1 of 4\n\n0:00\r\nhttps://www.bleepingcomputer.com/news/security/singtel-qimr-berghofer-report-accellion-related-data-breaches/\r\nPage 2 of 4\n\nVisit Advertiser websiteGO TO PAGE\r\nWhile they released a patch on Christmas day as soon as they learned of the vulnerability, by the time some companies were\r\nable to patch, threat actors had already gained access to their data.\r\nAs Accellion FTA service is used by numerous government agencies, educational institutions, and companies, we have\r\nbegun to see a wide-scale impact as companies report related data breaches.\r\nPrevious data breaches include the Reserve Bank of New Zealand, the Australian Securities and Investments Commission\r\n(ASIC), and the Office of the Washington State Auditor (\"SAO\").\r\nThe Singtel data breach\r\nSingtel, the largest mobile carrier in Singapore, announced today that they suffered a data breach caused by the Accellion\r\nFTA service's vulnerability.\r\n\"A third-party file sharing system provided by Accellion called FTA has been illegally accessed through a zero-day\r\nvulnerability or previously unknown vulnerability. Singtel uses this system to share information internally as well as with\r\nexternal stakeholders and organisations,\" Singtel announced in a security incident notification.\r\nThe telecommunications company has not disclosed what data has been accessed in the attack and states that they are\r\ncurrently investigating who was impacted.\r\n\"Given the complexity of the investigations, it will take time to make an impact assessment. We are working with the utmost\r\nurgency to ascertain the nature and extent of data that has been potentially accessed. We will reach out to individuals and\r\norganisations whose information may have been illegally downloaded,\" Singtel continued.\r\nWhile investigations are underway, Singtel states that they have taken the FTA system offline while they perform an\r\ninvestigation into the breach.\r\nOnce it is determined what the threat actors accessed, they will begin contacting affected people.\r\nQIMR Berghofer affected as well\r\nThe QIMR Berghofer Medical Research Institute has also announced today a data breach caused by the Accellion FTA\r\nservice and has provided more detailed information regarding what information was accessed.\r\nAccording to the research institute, the data breach appears to have occurred on December 25, 2020, when threat actors\r\naccessed approximately 4 percent, or 620MB, of data stored on the Accellion FTA service.\r\nQIMR Berghofer states that they received their first notification to install Accellion's patch on January 4th, 2021. It wasn't\r\nuntil February 2nd, 2021 that Accellion notified them that they had suffered a data breach.\r\n\"The first notification QIMR Berghofer received from Accellion was on 4 January 2021, when the company advised the\r\nInstitute to apply a security patch. The Institute immediately took the software offline and applied the patch.\"\r\n\"Accellion notified QIMR Berghofer on Tuesday 2 February 2021 that it believed the Institute had been affected by the data\r\nbreach, which has also affected a number of Accellion’s other Australian and international clients,\" QIMR Berghofer\r\ndisclosed in a data breach notice on their website.\r\nThe research institute states that they utilize the FTA service to receive and send data regarding clinical trials for anti-malaria\r\ndrugs, and to share data with the Mosquito and Arbovirus Research Committee. \r\nHowever, the shared data is anonymized before being stored on Accellion, and trial participants are assigned codes to\r\nidentify them.\r\nThe \"de-identified\" information stored by them on Accellion includes initials, date of birth, age, gender, and ethnic group of\r\nclinical trial participants, as well as the participant codes. Some documents also have a de-identified medical history.\r\nQIMR Berghofer also states that the resumes for approximately 30 employees on the Accellion FTA service.\r\nhttps://www.bleepingcomputer.com/news/security/singtel-qimr-berghofer-report-accellion-related-data-breaches/\r\nPage 3 of 4\n\nThe lack of identifying information in the data stored on the FTA device is a double-edged sword. \r\nWhile no personally identifying information has been disclosed, as each trial participant has been de-identified and assigned\r\ncodes to refer to them, QIMR Berghofer has no way to contact them.\r\n“We cannot contact these clinical trial participants because we don’t know who they are, and don’t have their names or\r\ncontact details. However, if anyone has any concerns, or would like more information, they can contact us via the details\r\nbelow.\r\n“We are contacting our clinical trial partners and other stakeholders to let them know what has happened and what we are\r\ndoing to address this likely data breach,\" explains QIMR Berghofer.\r\nThanks to Douglas Mun for the tip.\r\nAutomated Pentesting Covers Only 1 of 6 Surfaces.\r\nAutomated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the\r\nother.\r\nThis whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic\r\nquestions for any tool evaluation.\r\nSource: https://www.bleepingcomputer.com/news/security/singtel-qimr-berghofer-report-accellion-related-data-breaches/\r\nhttps://www.bleepingcomputer.com/news/security/singtel-qimr-berghofer-report-accellion-related-data-breaches/\r\nPage 4 of 4",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://www.bleepingcomputer.com/news/security/singtel-qimr-berghofer-report-accellion-related-data-breaches/"
	],
	"report_names": [
		"singtel-qimr-berghofer-report-accellion-related-data-breaches"
	],
	"threat_actors": [],
	"ts_created_at": 1775434207,
	"ts_updated_at": 1775826774,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/e0328d5c6b0eb2f6e1cee7e051b6d5912b39528d.pdf",
		"text": "https://archive.orkl.eu/e0328d5c6b0eb2f6e1cee7e051b6d5912b39528d.txt",
		"img": "https://archive.orkl.eu/e0328d5c6b0eb2f6e1cee7e051b6d5912b39528d.jpg"
	}
}