SINGAPORE, 17 September 2014 - M1 Limited (M1) announced the preliminary findings of its investigation into the website security incident on 15 September.

A security flaw existed in the design of an application programming interface in the customer authentication mechanism of our website. By changing data stored within a website "cookie", this allows possible access to another customer's personal information. A security patch was immediately developed and deployed which rectified the flaw.

Our investigation to date has detected one case of unauthorised access to some personal information of 12  customers, such as their names and addresses. Credit card and bank account details were not accessible. We sincerely apologise to our affected customers and are in the process of contacting them.

Our independent security specialist has commenced penetration testing, post-implementation of the security patch. This will be followed by penetration testing by another independent specialist. We will also implement additional layers of protection to mask website cookies.

M1 places the utmost priority in protecting our customer data and privacy, and has strict processes and procedures in place to safeguard customer information.

distributed by