Close on the heels of a cyberattack on the SingHealth database, another case of data breach has come to light in Singapore whereby about 70,000 members of Securities Investor Association had their personal details illegally accessed and copied in 2013. However, the data breach was uncovered five years later yesterday.
Cyber Security Agency of Singapore (CSA) informed the investor watchdog about the data breach yesterday.
Writing an email to the members, Richard Dyason, general manager of Securities Investors Association Singapore (SIAS), said, “The association’s membership database was breached and leaked five years ago, resulting in names, NRIC numbers and telephone numbers of affected members being illegally accessed and copied.”
However, “no records were amended or deleted”, it added.
“We sincerely apologise for the service disruption and for any distress that the breached may have caused,” stated email.
SIAS said that it is taking active steps to prevent any further illegal access as investigations into the breach gets underway.
Meanwhile, SIAS has taken its data offline and is working on a new website.
Checking the website, one can find association's logo and a message below saying, “SIAS new website is under development, we should be up in two days. Look forward to your visit soon.”
The incident has come on the backdrop of cyberattack on SingHealth’s database in which personal information of 1.5 million people including that of Prime Minister Lee Hsien Loong was stolen by hackers.
However, CSA stated that SIAS breach is not related to the SingHealth incident.
In a statement, CSA stated, “As SIAS is not a public-sector agency nor Critical Information Infrastructure, SingCert reached out to them to inform them and asked them to verify the situation.”
“We noted that SIAS website has some vulnerabilities hackers could have exploited. We alerted SIAS about technical issues in their website design so that they can take the necessary safeguards,” it added.