The Singapore Red Cross (SRC) has just been hacked, compromising details of 4,297 potential blood donors. In a statement posted on their Facebook page on Thursday (16 May), SRC said there was an incident of unauthorised access to part of their website on Wednesday, 8 May. The part of the website that was affected was the section used for recruiting people to become blood donors.
Via the website, the public can indicate their interest in making a blood donation. From there, SRC will make appointments manually on behalf of those people with various blood banks and blood mobiles based on their indicated preferred times and dates.
The hack last week leaked names, contact number, email, declared blood type, preferred appointment date/times and preferred location for blood donation of 4,297 individuals who had registered their interest on the SRC website. No other information was compromised.
SRC said in its statement that a police report was made on the same day of the hack (8 May) and that investigations are ongoing. SRC also reported the incident to the Personal Data Protection Commission and the Health Sciences Authority (HSA).
The statement went on to say that were already measures in place to guard against access to the website. However, it said that “preliminary findings show that a weak administrator password could have left the website vulnerable to the unauthorised access”.
SRC has temporarily disconnected the website from internet access and replaced it with a temporary webpage until security checks are completed. External consultants have been engaged to conduct a forensic investigation on the hack.
SRC’s Secretary General Mr Benjamin William said, “Out immediate priority is to ensure affected individuals are notified, while working with the relevant parties to restore and strengthen our IT Systems, safeguard our data and mitigate any future risks.”
Mr William added, “We apologise to the users of our website whose information may have been affected by this incident”.