Police probe leak of motorists’ data after ransomware attack on printing vendor Toppan Next Tech
Singapore police and the Cyber Security Agency (CSA) are investigating the leak of names and addresses of about 1,300 motorists after a ransomware attack on Toppan Next Tech (TNT), a vendor handling Traffic Police correspondence. Internal police systems were not breached.
- About 1,300 motorists’ names and addresses were leaked after a ransomware attack on Toppan Next Tech.
- The incident did not involve NRIC numbers or offence details, and Traffic Police systems were not breached.
- Authorities are notifying affected individuals and strengthening cybersecurity defences.
Singapore police have launched an investigation into the unauthorised publication of personal data belonging to about 1,300 motorists, including individuals with traffic offences.
The data, consisting of names and addresses, was found online on 18 July following a ransomware attack on the systems of Toppan Next Tech (TNT), a vendor that handles printing and mailing services for the Traffic Police.
In a joint statement on 24 July, the Singapore Police Force (SPF) and the Cyber Security Agency of Singapore (CSA) said the exposed information originated from TNT’s systems. The attack is believed to have occurred several months earlier.
Vendor’s systems targeted in April
Investigations revealed that TNT’s network was targeted on 1 April 2025 during a ransomware incident that also affected its banking clients, DBS Bank and the Bank of China’s Singapore branch.
That breach compromised the personal data of over 11,000 bank customers. TNT notified the Personal Data Protection Commission (PDPC) on the evening of 6 April.
Authorities said TNT had received personal details from the Traffic Police—including names, addresses, NRIC numbers, and traffic offence information—for the purpose of printing and sending official correspondence.
Scope of leaked information
While the dataset uploaded online contained only names and addresses, investigators have found no evidence that NRIC numbers or details of offences were included in the leak.
The police also confirmed that the Traffic Police’s internal IT systems were not compromised during the incident.
TNT has since worked with cybersecurity experts and authorities to strengthen its digital defences and prevent further unauthorised access.
Links to earlier breaches
The same ransomware group is suspected to be behind previous attacks targeting TNT’s financial sector clients in April. Those breaches exposed customer information such as names, addresses, and account identifiers.
Authorities have said the most recent leak appears to be an extension of the earlier incident, as stolen data sets are now circulating on illicit online platforms.
Response and ongoing measures
In response, police said they will contact all affected motorists directly. The CSA continues to assist with the forensic investigation and has urged organisations handling sensitive personal data to adopt stronger encryption and backup protocols.
Members of the public have been advised to stay alert for signs of identity theft or phishing. Individuals who detect suspicious transactions or account activity are encouraged to lodge reports via the police hotline at 1800-255-0000 or through the online portal at www.police.gov.sg/i-witness.
TNT’s other government contracts
Toppan Next Tech also serves as a printing contractor for the Elections Department, including for poll cards and ballot papers during the 2025 General Election. Authorities said there is no indication that election-related data was affected by the ransomware breach.
