A hack on technology consulting company Dialog, which SingTel bought earlier this year, may have accessed data on fewer than 20 clients and 1,000 current and former staff, according to a Dialog statement issued by SingTel on Monday.

Dialog found out on Oct 7 that a “very small sample” of its data, including personal employee information, had been published on the so-called Dark Web. The attack itself took place almost a month earlier, on Sept 10.

A second hack at a SingTel-owned business raises questions about cybersecurity at the broader group, the timeliness of breach disclosures, and whether the Singapore parent is being deliberately targeted.

Another Australian subsidiary of SingTel, Optus, last month revealed a vast security breach had exposed details of 9.8 million former and current customers in one of the country’s biggest-ever hacks. More than 2 million people had identity document numbers compromised, triggering concerns about widescale financial fraud.

A subsidiary of SingTel, NCS, announced the acquisition of Dialog in March for A$325 million (US$207 million). Dialog’s systems are completely independent of those of SingTel, NCS and Optus, and there’s no evidence that the two recent incidents are linked, SingTel said.

According to Dialog’s website, the firm’s clients include some of Australia’s biggest and best-known companies. They include National Australia Bank Ltd. and airline Virgin Australia, as well as several state and federal government departments.

“We are doing our utmost to address the situation and, as a precaution, we are actively engaging with potentially impacted stakeholders to share information, support and advice,” Dialog said in its statement.

The hacks threaten to become an expensive lapse for the Singapore company. Optus is already paying for replacement driver’s licenses and passports, and total costs including bills and fines could stretch into hundreds of millions of dollars, according to some estimates.