Overview

A massive data breach has rocked Singapore and its business and public sectors. On April 1, 2025, TOPPAN Next Tech Pte. Ltd. (TNT), a subsidiary of Japanese printing giant TOPPAN Holdings, became the latest victim of the Akira ransomware gang.

The cyberattack led to the encryption of TNT's servers and the theft of 12GB of highly sensitive data including employee records, financial reports, and government information.

Here’s what we know so far, and why it matters.

The Breach That Exposed 12GB of Sensitive Data

TOPPAN Next Tech Pte. Ltd. (TNT) is a key digital solutions and secure communications provider in Singapore. As a subsidiary of TOPPAN Holdings, one of Japan’s largest and oldest printing and information management conglomerates, TNT plays a critical role in handling high-risk data for both private clients and government agencies.

It all began on April 1, when TNT’s servers were quietly infiltrated by Akira. By the time the attack was detected, the ransomware had already locked up core systems and extracted large volumes of data.

In an official notice released on April 8, TOPPAN confirmed the incident. They admitted some client data was likely compromised but emphasized that TNT’s systems are isolated from other TOPPAN group companies.

Who Is Akira?

Akira is one of the most active ransomware groups in 2025. Known for targeting large enterprises, they use a method called double extortion where they steal data before encrypting it and then threaten to leak the files unless a ransom is paid.

Their leak site on the dark web features a retro terminal-style interface and includes a “command line” where users can view stolen data from dozens of victims.

TNT was listed on this site shortly after the attack, with a message: cooperate or be publicly shamed. The post included a complete data dump (100% uploaded) and claimed the files held corporate secrets and customer information.

Critical Information Compromised in the Attack

According to the leak page , Akira published 12GB of confidential files from TNT. These included:

  • Employee personal data
  • Customer information and databases
  • Financial audits, payment records, and credit card details
  • Contracts, NDAs, and corporate reports

Traffic Police Data Among the Victims

The situation escalated when the Singapore Police Force confirmed that records from the Traffic Police (TP) were among the leaked files.

On July 18, 2025, authorities disclosed that 1,300 names and addresses linked to traffic violations were found online. These records had been entrusted to TNT for handling bulk mail correspondence.

While the police said no sensitive violation details were published, the names, NRIC numbers, and contact info had indeed been leaked.

Mapping Akira’s Possible Route Into TNT

While the exact entry point hasn’t been shared publicly, Akira is known for using common attack methods:

  • Exploiting weak or outdated VPNs
  • Phishing emails that steal credentials
  • Attacking unpatched vulnerabilities in public-facing servers

Once inside, they move laterally through the network, disable backups, and begin encryption—all while silently uploading sensitive data to remote servers.

Lessons for Companies: Strengthening Cyber Defenses

The cyberattack on TOPPAN Next Tech serves as a clear reminder: even well-established, trusted organizations are vulnerable. Cybersecurity is no longer just a technical concern , it’s a business-critical issue that demands attention at every level.

Here are key lessons companies should take seriously:

  • Implement Multi-Factor Authentication (MFA): Passwords alone are not enough. Enabling MFA , especially on critical systems adds a strong layer of protection against unauthorized access.
  • Stay Updated and Patch Regularly: Many ransomware groups, including Akira, exploit known vulnerabilities. Regular vulnerability scanning and prompt patching of systems, especially VPNs and internet-facing servers, are essential.
  • Maintain Offsite and Immutable Backups: Ransomware often targets backup systems. Ensure you have secure, offsite backups that cannot be altered or deleted ,even if your main systems are compromised.
  • Audit Third-Party Risk: Trusted vendors can become a weak link. Conduct regular security audits of third parties handling sensitive or regulated data, and ensure they meet your security standards.
  • Train Employees Continuously: Human error remains a major attack vector. Ongoing training can help staff identify phishing attempts, suspicious links, and social engineering tactics.

The Bigger Picture

This isn’t an isolated case. Akira has been behind multiple ransomware attacks in 2025, and they’re only getting bolder.

What makes this incident different is the leak of government data. When traffic violation records end up on the dark web, it crosses a line from private sector disruption into public trust erosion.

With authorities now involved and personal data already exposed, the damage is done. All that’s left is for companies and governments to learn from it and adapt fast.

Related Posts

Copyright © TechOwlShield. All rights reserved.