Dear customer,

We are writing to inform you of a recent security incident at Tokyo Century Leasing (Singapore) Pte. Ltd. This notification is sent pursuant to Section 26D (2) of the Personal Data Protection Act 2012.

On June 12, 2022, we had detected a malware known as ransomware in our servers. The ransomware has infected a number of employees’ computers and encrypted our servers and company systems, which contain certain personal data including names, addresses, emails, phone numbers, NRIC numbers, passport numbers, credit information and other transaction information.

As a containment measure, we have shut down and isolated the affected servers and computers immediately, and temporarily suspended our online leasing application platform. We have also reported this incident to the relevant authorities.

We have engaged IT professionals to assist in the repair and recovery of our computers, systems and servers.

In addition, we have also engaged an external professional security team to remove the ransomware and conduct a risk assessment of this incident. We are awaiting advice on whether there had been any data exfiltration arising from this ransomware attack.

We will be conducting a comprehensive investigation on this incident, updating the security of our company’s computer systems, and revising the compliance handbook to ensure a higher level of security of the system and the employees business compliance. We will do our best to prevent a recurrence of such an incident in the future.

Should you have any queries relating to this matter, please contact us at +65-6532-3436.

We sincerely apologize for the inconvenience caused by this incident. We thank you for your understanding, and sincerely hope to receive your continuous support in the future.