• About Us
    • Fact Checking Policy
    • Ownership & funding information
    • Volunteer
  • Subscribe
  • Letter submission
    • Submissions Policy
  • Contact Us
The Online Citizen Asia
  • Opinion
    • Editorial
    • Commentaries
    • Letters
    • Comments
  • Current Affairs
    • Singapore
    • Malaysia
    • Indonesia
    • China
    • ASEAN
    • Asia
    • International
  • Finance
    • Economics
    • Labour
    • Property
    • Business
  • Community
    • Arts & Culture
    • Consumer Watch
    • NGO
    • Lifestyle
    • Travel
  • Politics
    • Civil Society
    • Parliament
    • Transport
    • Education
    • Environment
    • Health
    • Housing
  • Law & Order
    • Legislation
    • Court Cases
No Result
View All Result
  • Opinion
    • Editorial
    • Commentaries
    • Letters
    • Comments
  • Current Affairs
    • Singapore
    • Malaysia
    • Indonesia
    • China
    • ASEAN
    • Asia
    • International
  • Finance
    • Economics
    • Labour
    • Property
    • Business
  • Community
    • Arts & Culture
    • Consumer Watch
    • NGO
    • Lifestyle
    • Travel
  • Politics
    • Civil Society
    • Parliament
    • Transport
    • Education
    • Environment
    • Health
    • Housing
  • Law & Order
    • Legislation
    • Court Cases
No Result
View All Result
The Online Citizen Asia
No Result
View All Result

Over 120,000 individual's data compromised in two malware incident, including that of over 100,000 MINDEF/SAF personnel

by kathleen
23/12/2019
in Current Affairs, Headline, Tech
Reading Time: 4 mins read
0

Hacker hands at work with interface around from Shutterstock.com

The Ministry of Defence (MINDEF) and Singapore Armed Forces (SAF) have experienced malware incidents involving the personal data of several thousand MINDEF/SAF personnel as two of its vendors, HMI Institute of Health Sciences and ST Logistics, reported data breaches in their systems.
In a statement on 21 December, MINDEF said that HMI Institute of Health Sciences (HMI Institute) has been contracted by the SAF since 2016 and ST Logistics has been a vendor since 1999. Both were provided with the personal data of MINDEF and SAF personnel for the provision of their services.
On 21 December, HMI Institute announced in a statement that it discovered a file server that was encrypted by ransomware of 4 December which contained the personal data of over 120,000 individuals including full names, NRIC numbers, date of birth, home addresses and email addresses. Among those, approximately 98,000 are SAF servicemen who attended the Cardio Pulmonary Resuscitation (CPR) and Automated External Defibrillation (AED) course provided by HMI Institute.
HMI Institute, owned by Health Management International, noted that the server was immediately taken offline and isolated from the internet and internal network. They then engaged a cybersecurity firm to investigate the incident. It was found that the attack was random and opportunistic, though there was no evidence to show that the data on the affected server was copied or exported. The statement said that there is a “low likelihood of a data leak”.
Mr Tee Soo Kong, Executive Director, HMI Institute of Health Sciences said: “We take this incident very seriously and we deeply apologise to the students and applicants affected and for the inconvenience caused. Preserving their privacy and keeping their personal data safe are our highest priorities.”
He added, “We have also put in place additional measures to fortify our systems against increasingly sophisticated cyber intrusions.”
As for ST Logistics, the company said the breach it experienced was a result of email phishing activities sent to its employees’ email accounts.
“This data, contained in working files residing in affected workstations, may have been exfiltrated,” it said.
The affected systems contained the full names and NRIC numbers as well as a combination of contact numbers, emails and residential addresses of about 2,400 MINDEF/SAF personnel. In this case, MINDEF said that preliminary investigations indicate that personal data could have been leaked.
ST Logistics, which is owned by Japan Post, added that it has carried out “extensive forensic investigations” via its own cybersecurity team supported by external cybersecurity experts.
Both companies reported the incidents to the Personal Data Protection Commission (PDPC) and the Singapore Computer Emergency Response Team (SingCERT). PDPC is investigating both cases.
MINDEF said, “MINDEF and the SAF take a serious view on the secure handling of personal data by our vendors. The security of their IT systems is an important factor that will be taken into account in the award of contracts.”
It added that it is engaging other vendors who hold MINDEF/SAF personnel information to strengthen the security of their IT systems.
Defence Cyber Chief Brigadier-General Mark Tan said, “The malware incidents affected the IT systems of our vendors. Although MINDEF/SAF’s systems and operations were not affected, the malware incidents in these vendor companies may have compromised the confidentiality of our personnel’s personal data. We will review the cybersecurity standards of our vendors to ensure that they are able to protect our personnel’s personal data and information.”
MINDEF notes that affected personnel are being notified of the breach from 21 December onwards.

Breaches in 2019

This latest incident is yet another in a string of security breaches in Singapore this year which culminated in the formation of the Public Sector Data Security Review Committee on 1 April to review how the Government secures and protects the data of its citizens. The government said in November it will be rolling out recommendations from the committee in 80% of its systems by the end of 2021, and the remaining 20% by end of 2030.
One of the cybersecurity incidents this year happened in March when Russian cybersecurity company Group-IB revealed its discovery of a massive data breach involving email log-in and passwords from several government organisations on the dark web since 2017 as well as over 19,000 compromised payment card details stolen and put up for sale by the hackers.
In a statement, Group-ID revealed that the breach involved Singapore’s Government Technology Agency, Ministry of Education, Ministry of Health, the Singapore Police Force and the National University of Singapore.
Also in March, insurance company AIA reported that one of its web portals containing the personal information of 200 people was found to be publicly accessible. In worse cases, the data of more than 800,000 blood donors were placed at risk over the internet due to unauthorised access by a Health Sciences Authority (HAS) vendor for over two months, also revealed in March.
Earlier in January, the Ministry of Health was notified by the police that the confidential data of 14,2000 individuals in the national HIV Registry, as well as 2,4000 contacts, has been illegally disclosed online.
Those were all in 2019. However, in June 2018, Singapore saw the worse cyber attack in its history which resulted in the personal data breach of 1.5 million patients of healthcare cluster SingHealth, including the information of Prime Minister Lee Hsien Loong.
According to data research, the number of leaked cards has increased by 56% in 2018 compared to 2017, following a string of breaches and cyber attacks in both the public and private sector.

For just US$7.50 a month, sign up as a subscriber on The Online Citizen Asia (and enjoy ads-free experience on our site) to support our mission to transform TOC into an alternative mainstream press.

Related Posts

AFP

Myanmar junta imposes tough new measures on resistance strongholds

03/02/2023
Malaysia High Court dismissed DPM Zahid’s application to get passport returned permanently
Malaysia

Malaysia High Court dismissed DPM Zahid’s application to get passport returned permanently

03/02/2023
Why is Gautam Adani’s Indian empire in turmoil?
AFP

Adani turmoil a key test for Modi’s India Inc

03/02/2023
Kajang cops chided for denying woman access to police HQ because she was wearing shorts
Community

Kajang cops chided for denying woman access to police HQ because she was wearing shorts

03/02/2023
Adani’s brother runs SG company and registers as director with local ID
Current Affairs

Adani’s brother runs SG company and registers as director with local ID

03/02/2023
Minister Tan See Leng only reveals 500 intra-corporate transferees from India for last year – a Covid year
Opinion

Increasing number of working Permanent Residents in Singapore but with a stable PR population

03/02/2023
Subscribe
Connect withD
Login
I allow to create an account
When you login first time using a Social Login button, we collect your account public profile information shared by Social Login provider, based on your privacy settings. We also get your email address to automatically create an account for you in our website. Once your account is created, you'll be logged-in to this account.
DisagreeAgree
Notify of
Connect withD
I allow to create an account
When you login first time using a Social Login button, we collect your account public profile information shared by Social Login provider, based on your privacy settings. We also get your email address to automatically create an account for you in our website. Once your account is created, you'll be logged-in to this account.
DisagreeAgree
0 Comments
Inline Feedbacks
View all comments

Latest posts

Myanmar junta imposes tough new measures on resistance strongholds

03/02/2023
Malaysia High Court dismissed DPM Zahid’s application to get passport returned permanently

Malaysia High Court dismissed DPM Zahid’s application to get passport returned permanently

03/02/2023
Why is Gautam Adani’s Indian empire in turmoil?

Adani turmoil a key test for Modi’s India Inc

03/02/2023
Kajang cops chided for denying woman access to police HQ because she was wearing shorts

Kajang cops chided for denying woman access to police HQ because she was wearing shorts

03/02/2023
Adani’s brother runs SG company and registers as director with local ID

Adani’s brother runs SG company and registers as director with local ID

03/02/2023
Minister Tan See Leng only reveals 500 intra-corporate transferees from India for last year – a Covid year

Increasing number of working Permanent Residents in Singapore but with a stable PR population

03/02/2023

A multi-party parliament is the only way to make sure that Singapore continues to not condone or tolerate corruption

03/02/2023
Anwar criticised over appointing own daughter as his senior advisor

Anwar criticised over appointing own daughter as his senior advisor

03/02/2023

Trending posts

Former Singaporean shares change of life in Australia with annual pay of S$80,000 as a plumber

Former Singaporean shares change of life in Australia with annual pay of S$80,000 as a plumber

by Yee Loon
30/01/2023
25

...

Earning only S$400 a month, delivery-rider turned hawker threw in the towel after two years of running a rojak stall

Earning only S$400 a month, delivery-rider turned hawker threw in the towel after two years of running a rojak stall

by Yee Loon
26/01/2023
24

...

They have done a fine job of confusing us about the jobs situation

They have done a fine job of confusing us about the jobs situation

by Augustine Low
01/02/2023
36

...

Two Indian nationals paid about S$330 and S$730 respectively for forged certificates submitted in their S-Pass application

MOM found issuing EPs meant for foreign PMETs to PRC waitress and general worker

by Correspondent
26/01/2023
41

...

Singapore warns slower economic growth in 2023

Less than 1 in 10 jobs created in first three quarters of 2022 went to Singaporeans?

by Leong Szehian
28/01/2023
69

...

Excessively charging for an essential need, and calling it affordable because people still can pay for it?

by Terry Xu
31/01/2023
39

...

December 2019
M T W T F S S
 1
2345678
9101112131415
16171819202122
23242526272829
3031  
« Nov   Jan »

The Online Citizen is a regional online publication based in Taiwan and formerly Singapore’s longest-running independent online media platform.

Navigation

  • Editorial
  • Commentaries
  • Opinion
  • Politics
  • Community

Support

  • Contact Us
  • Letter submission
  • Membership subscription

Follow Us

  • Facebook
  • Twitter
  • YouTube
  • Instagram
  • Fact Checking Policy
  • Privacy Policy

© 2022 - 2023 The Online Citizen Asia

No Result
View All Result
  • Opinion
    • Editorial
    • Commentaries
    • Comments
  • Current Affairs
    • Malaysia
    • Indonesia
    • China
    • ASEAN
    • Asia
    • International
  • Finance
    • Economics
    • Labour
    • Property
    • Business
  • Community
    • Civil Society
    • Arts & Culture
    • Consumer Watch
    • NGO
  • Politics
    • Parliament
    • Transport
    • Education
    • Environment
    • Health
    • Housing
  • Law & Order
    • Legislation
    • Court Cases
  • Lifestyle
    • Travel
  • Subscribers login

© 2022 - 2023 The Online Citizen Asia

wpDiscuz