The NRIC numbers and pictures of the latest cohort of National Service (NS) recruits who had completed their basic military training has been mistakenly published online for a day on 11 March.
The post published photos of the graduating recruits from the January 2017 batch but it also had a link to a document on Google Drive that displayed the identity-card numbers of the recent graduates, together with their photos.
The Basic Military Training Centre (BMTC) found out about the mistake and took down the post the following day when they realised what had happened.
Mr Darryl Lo saw the post on BMTC’s Facebook page on 11 March and he wrote of the incident in a letter to Today Voices.
Mr Lo wrote, “Such personal data should not be made public. Essentially, hackers do not even have to break into any system to get such data since it was freely shared. The BMTC team responsible for publishing the personal data should be reprimanded.”
BMTC commander Colonel Desmond Yeo said the post were taken down by noon the following day when the oversight was realised.
Col Yeo responded to Mr Lo’s letter, also in Today Voices.
He explained that previously, the soft-copy portraits were labelled manually via a different system, but for the most recent graduating BMT cohort, the labelling was auto-generated via the scanning of the recruits’ SAF identity cards to speed up the process.
This resulted in the photos being labelled by NRIC numbers, Col Yeo wrote, “No other personal data were released,” he assured.
“Basic Military Training Centre (BMTC) recognises that making available our recruits’ portraits, labelled together with their NRIC numbers on a platform accessible to the general public, was an oversight. We apologise for the mistake,” Col Yeo said in his letter.
He also said that BMTC is reviewing its procedures to prevent a similar recurrence.
BMTC had uploaded the soft-copy photos of the recruits online to enable the recruits share with their family and friends in order to make the BMT graduation parade a memorable and meaningful event. The effort has been warmly received by the recruits.
Last month, a cyber attack on Mindef’s I-net system had resulted in the theft of the personal data of about 850 national servicemen and Mindef employees, including their NRIC numbers, telephone numbers, and dates of birth.