It said it had suspended use of the system after Accellion informed it about a cyber attack on its systems. Singtel is the owner of Optus, Australia's second biggest telco.
Asked whether Optus used the same file-sharing system, a spokesperson responded: "Today, Singtel advised it had suspended all use of systems of third-party vendor, Accellion following an illegal attack by unidentified hackers. Investigations undertaken to date indicate that Optus has not been impacted by this incident."
A number of organisations in other countries have also been affected by the same vulnerability, with more than 300 companies said to have taken a hit. In Australia, the Brisbane-based QIMR Berghofer Medical Research Institute was among the victims.
The Singtel statement said customer information may have been compromised. "We are working urgently to conduct an impact assessment, to determine the nature and extent of data that has been potentially accessed. We will notify all affected individuals and organisations once we identify which files relevant to them were illegally accessed," it said.
Singtel said it had been using the FTA system for sharing information both internally and externally. It said it was informed of the vulnerability on 23 December and applied patches to fix it, one on 24 December and a second on 27 December.
"On 23 January, Accellion issued another advisory citing a new vulnerability which the 27 December patch was not effective against and we immediately took the system offline. On 30 January, Accellion provided another patch for the new vulnerability which triggered an anomaly alert when we tried to apply it.
"Accellion informed thereafter that our system could have been breached and this had likely occurred on 20 January.
"We continued to keep the system offline and activated cyber and criminal investigations which has confirmed the 20 January date. Given the complexity of the investigations, it was only confirmed on 9 February that files were taken."
Accellion's chief information security officer Frank Balonis said: “Our latest release of FTA has addressed all known vulnerabilities at this time.
“Future exploits, however, are a constant threat. We have encouraged all FTA customers to migrate to kiteworks for the last three years and have accelerated our FTA end-of-life plans in light of these attacks.
"We remain committed to assisting our FTA customers, but strongly urge them to migrate to kiteworks as soon as possible.”
Accellion has said it will be retiring the FTA product by April.
Singtel is the biggest mobile network operator in Singapore with 4.1 million subscribers and, through subsidiaries, had a combined mobile subscriber base of 640 million customers at the end of financial year 2017, according to Wikipedia.