223 e-case files had been accessed by a few accused persons without authorisation, the State Courts (SC) revealed in a public statement on Wednesday (28 November).
The SC said that they were alerted about a possible vulnerability in the Integrated Criminal Case Filing and Management System (ICMS) on 1 November 2018. This is the electronic case management system that is used in the State Courts for the conduct of criminal proceedings.
Data accessed from the files included names, personal identity information, addresses, gender of the accused, information about the offences, and the status of the case. The type of cases accessed by the individuals included criminal cases, coroner’s inquiries, magistrate’s complaints and a youth court case.
They immediately investigated the matter and take immediate steps to fix the vulnerability.
The e-case files had not been tampered with, and the integrity of ongoing proceedings was not affected, the State Courts said.
The State Courts stressed that the ICMS Accused Person access portal can only be accessed by accused persons with a valid account through SingPass authentication. Preliminary findings show that the accused persons in question had exploited a loophole in the ICMS system which allowed them to view court documents in other e-case files.
The State Courts take a serious view of any unauthorised access of information in our case management systems and have reported the matter to the police.
As of 9 November 2018, the State Courts said that they have cooperated with their system vendor, Ecquaria Technologies Pte Ltd, to implemente additional measures to protect the security and confidentiality of the information in the ICMS by enhancing the user access controls within the system.
Investigations by the police are ongoing.
Letters have been sent to all parties affected by the unauthorised access and a dedicated email ([email protected]) and hotline (64355651) have been set up to address queries.