Connect with us

Current Affairs

PDPC fines computer service vendor S$4,000 over programming error resulting in disclosure of NSmen’s personal data

Published

on

The Personal Data Protection Commission (PDPC) has issued a S$4,000 fine against a computer service vendor for a programming error that resulted in the disclosure of the personal data of over 400 national servicemen (NSmen) in Jun last year, comprising the NSmen’s login identification, email addresses, delivery addresses and mobile numbers.

Option Gift Pte Ltd, the vendor responsible for handling Uniqrewards – an online portal for NSmen to redeem credits and gifts from the Ministry of Defence (MINDEF) and the Ministry of Home Affairs (MHA) – was found guilty of breaching Section 24 of the Personal Data Protection Act 2012 (PDPA), which stipulates that an organisation must take reasonable security steps or arrangements to prevent unauthorised access or disclosure of personal data under its control or possession.

Through Uniqrewards, NSmen may receive such rewards from MINDEF and MHA for performing well during in-camp training or courses, or to celebrate a significant event such as the birth of their child.

Citing Commissioner Tan Kiat How’s grounds of decision, Deputy Commissioner Yeong Zee Kin stated in a case report on Thu (6 Jun) that Option Gift “had full possession and control over the personal data that the Portal collects, uses, discloses and processes at all material times” as the administrator of Uniqrewards, and thus “had full responsibility for the security of the Portal, any changes to it, as well as the personal data processed by it”.

“In this regard, the Commissioner found that the Organisation had failed to conduct sufficient testing before rolling out the programme script,” he added.

The source of the lapse was traced to an Option Gift employee’s failure to reset a service account password in time according to the password expiry policy of 180 days “due to an oversight and a lack of reminders or warnings” on the expiration deadline. As a result, 427 NSmen did not receive confirmation emails for their redemption requests made between 22 May and 24 May last year.

Upon recognition of the incident on 23 May last year, Option Gift wrote a separate programme script to send out the confirmation emails in a bid to resolve the issue. However, the programme script was found to be faulty, as the programme script retained the email addressses of the recipients of the preceding Confirmation Emails in the “To:” field of the email each time a new Confirmation Email was generated.

“It merely added on the intended recipient’s email address, instead of replacing the previous recipient’s email address with the intended recipient’s,” the report revealed.

“This pattern of addressing the Confirmation Emails continued until the last recipient, who received only the Confirmation Email intended for him,” according to the report.

Following the data disclosure, Option Gift had mailed all the affected NSmen an apology and requested for them to delete all emails addressed by Uniqrewards which were not intended for them and had notified the Commission regarding the incident.

MINDEF and MHA had also respectively issued an apology to the affected NSmen on 13 Jun last year, and had urged the NSmen to delete any emails from Uniqrewards that were not intended for them. A month later, the affected NSmen were given S$80 worth of gift voucher per serviceman as a gesture of apology from Option Gift.

Option Gift has also indicated steps to buttress its security in order to prevent similar incidents in the future, including subjecting future changes in Uniqrewards to secondary checks during the development testing stage, a separate review of source codes written by developers, direct resending of confirmation emails via an enhancement of Uniqrewards’ backend system, and a standard operating procedure to document the process.

Option Gift will also “deploy an application, Sonarcloud, to analyse the quality of source codes. Sonarcloud would be used to detect bugs, vulnerabilities and code smells during the development process,” the report noted.

“In this case, software testing (i.e., development testing and user acceptance testing) was carried out on the programme script prior to its actual implementation. Investigations revealed a fundamental flaw in designing the test scenarios.

“The test scenario consisted of generating all 427 test emails but instead of picking up the recipient emails from a list of email addresses, each email was hardcoded to be sent to the same internal email address.

“Unsurprisingly, the Error, which would only have manifested itself if there was more than one recipient, was not detected,” according to the Commission.

Continue Reading
Click to comment
Subscribe
Notify of
0 Comments
Newest
Oldest Most Voted
Inline Feedbacks
View all comments

Current Affairs

Hotel Properties Limited suspends trading ahead of Ong Beng Seng’s court hearing

Hotel Properties Limited (HPL), co-founded by Mr Ong Beng Seng, has halted trading ahead of his court appearance today (4 October). The announcement was made by HPL’s company secretary at about 7.45am, citing a pending release of an announcement. Mr Ong faces one charge of abetting a public servant in obtaining gifts and another charge of obstruction of justice. He is due in court at 2.30pm.

Published

on

SINGAPORE: Hotel Properties Limited (HPL), the property and hotel developer co-founded by Mr Ong Beng Seng, has requested a trading halt ahead of the Singapore tycoon’s scheduled court appearance today (4 October) afternoon.

This announcement was made by HPL’s company secretary at approximately 7.45am, stating that the halt was due to a pending release of an announcement.

Mr Ong, who serves as HPL’s managing director and controlling shareholder, faces one charge under Section 165, accused of abetting a public servant in obtaining gifts, as well as one charge of obstruction of justice.

He is set to appear in court at 2.30pm on 4 October.

Ong’s charges stem from his involvement in a high-profile corruption case linked to former Singaporean transport minister S Iswaran.

The 80-year-old businessman was named in Iswaran’s initial graft charges earlier this year.

These charges alleged that Iswaran had corruptly received valuable gifts from Ong, including tickets to the 2022 Singapore Formula 1 Grand Prix, flights, and a hotel stay in Doha.

These gifts were allegedly provided to advance Ong’s business interests, particularly in securing contracts with the Singapore Tourism Board for the Singapore GP and the ABBA Voyage virtual concert.

Although Iswaran no longer faces the original corruption charges, the prosecution amended them to lesser charges under Section 165.

Iswaran pleaded guilty on 24 September, 2024, to four counts under this section, which covered over S$400,000 worth of gifts, including flight tickets, sports event access, and luxury items like whisky and wines.

Additionally, he faced one count of obstructing justice for repaying Ong for a Doha-Singapore flight shortly before the Corrupt Practices Investigation Bureau (CPIB) became involved.

On 3 October, Iswaran was sentenced to one year in jail by presiding judge Justice Vincent Hoong.

The prosecution had sought a sentence of six to seven months for all charges, while the defence had asked for a significantly reduced sentence of no more than eight weeks.

Ong, a Malaysian national based in Singapore, was arrested by CPIB in July 2023 and released on bail shortly thereafter. Although no charges were initially filed against him, Ong’s involvement in the case intensified following Iswaran’s guilty plea.

The Attorney-General’s Chambers (AGC) had earlier indicated that it would soon make a decision regarding Ong’s legal standing, which has now led to the current charges.

According to the statement of facts read during Iswaran’s conviction, Ong’s case came to light as part of a broader investigation into his associates, which revealed Iswaran’s use of Ong’s private jet for a flight from Singapore to Doha in December 2022.

CPIB investigators uncovered the flight manifest and seized the document.

Upon learning that the flight records had been obtained, Ong contacted Iswaran, advising him to arrange for Singapore GP to bill him for the flight.

Iswaran subsequently paid Singapore GP S$5,700 for the Doha-Singapore business class flight in May 2023, forming the basis of his obstruction of justice charge.

Mr Ong is recognised as the figure who brought Formula One to Singapore in 2008, marking the first night race in the sport’s history.

He holds the rights to the Singapore Grand Prix. Iswaran was the chairman of the F1 steering committee and acted as the chief negotiator with Singapore GP on business matters concerning the race.

 

Continue Reading

Current Affairs

Chee Soon Juan questions Shanmugam’s $88 million property sale amid silence from Mainstream Media

Dr Chee Soon Juan of the SDP raised concerns about the S$88 million sale of Mr K Shanmugam’s Good Class Bungalow at Astrid Hill, questioning transparency and the lack of mainstream media coverage. He called for clarity on the buyer, valuation, and potential conflicts of interest.

Published

on

On Sunday (22 Sep), Dr Chee Soon Juan, Secretary General of the Singapore Democratic Party (SDP), issued a public statement on Facebook, expressing concerns regarding the sale of Minister for Home Affairs and Law, Mr K Shanmugam’s Good Class Bungalow (GCB) at Astrid Hill.

Dr Chee questioned the transparency of the S$88 million transaction and the absence of mainstream media coverage despite widespread discussion online.

According to multiple reports cited by Dr Chee, Mr Shanmugam’s property was transferred in August 2023 to UBS Trustees (Singapore) Pte Ltd, which holds the property in trust under the Jasmine Villa Settlement.

Dr Chee’s statement focused on two primary concerns: the lack of response from Mr Shanmugam regarding the transaction and the silence of major media outlets, including Singapore Press Holdings and Mediacorp.

He argued that, given the ongoing public discourse and the relevance of property prices in Singapore, the sale of a high-value asset by a public official warranted further scrutiny.

In his Facebook post, Dr Chee posed several questions directed at Mr Shanmugam and the government:

  1. Who purchased the property, and is the buyer a Singaporean citizen?
  2. Who owns Jasmine Villa Settlement?
  3. Were former Prime Minister Lee Hsien Loong and current Prime Minister Lawrence Wong informed of the transaction, and what were their responses?
  4. How was it ensured that the funds were not linked to money laundering?
  5. How was the property’s valuation determined, and by whom?

The Astrid Hill property, originally purchased by Mr Shanmugam in 2003 for S$7.95 million, saw a significant increase in value, aligning with the high-end status of District 10, where it is located. The 3,170.7 square-meter property was sold for S$88 million in August 2023.

Dr Chee highlighted that, despite Mr Shanmugam’s detailed responses regarding the Ridout Road property, no such transparency had been offered in relation to the Astrid Hill sale.

He argued that the lack of mainstream media coverage was particularly concerning, as public interest in the sale is high. Dr Chee emphasized that property prices and housing affordability are critical issues in Singapore, and transparency from public officials is essential to maintain trust.

Dr Chee emphasized that the Ministerial Code of Conduct unambiguously states: “A Minister must scrupulously avoid any actual or apparent conflict of interest between his office and his private financial interests.”

He concluded his statement by reiterating the need for Mr Shanmugam to address the questions raised, as the matter involves not only the Minister himself but also the integrity of the government and its responsibility to the public.

The supposed sale of Mr Shamugam’s Astrid Hill property took place just a month after Mr Shanmugam spoke in Parliament over his rental of a state-owned bungalow at Ridout Road via a ministerial statement addressing potential conflicts of interest.

At that time, Mr Shanmugam explained that his decision to sell his home was due to concerns about over-investment in a single asset, noting that his financial planning prompted him to sell the property and move into rental accommodation.

The Ridout Road saga last year centred on concerns about Mr Shanmugam’s rental of a sprawling black-and-white colonial bungalow, occupying a massive plot of land, managed by the Singapore Land Authority (SLA), which he oversees in his capacity as Minister for Law. Minister for Foreign Affairs, Dr Vivian Balakrishnan, also rented a similarly expansive property nearby.

Mr Shanmugam is said to have recused himself from the decision-making process, and a subsequent investigation by the Corrupt Practices Investigation Bureau (CPIB) found no wrongdoing while Senior Minister Teo Chee Hean confirmed in Parliament that Mr Shanmugam had removed himself from any decisions involving the property.

As of now, Mr Shanmugam has not commented publicly on the sale of his Astrid Hill property.

Continue Reading

Trending