10 Government Data Leaks In Singapore: Prevent Cybersecurity
The Singapore government is to establish a new Data Security Office and implement a number of measures to better safeguard citizen information, following a series of serious government data leaks.
The decision to set up the new unit, which will be part of the Prime Minister’s Office, comes after a committee found that 75% of government agencies are not keeping up with existing data security legislation in at least one area.
According to GovInsider, the Public Sector Data Security Review Committee began its review into how the government handles citizen data on 31 March, in the wake of major breaches including the SingHealth leak of personal information belonging to 1.5 million healthcare patients.
Having inspected 366 systems across Singapore’s 94 public sector agencies, the committee made a number of recommendations.
The government has pledged to roll out measures that will satisfy the recommendations in 80% of its systems by the end of 2021, and the remaining 20% by end of 2030.
The recommendations include making public sector leaders accountable for putting in place a “strong organisational data security regime”; encouraging cultural change within agencies on how data is used and shared; and training all civil servants in data security.
10 Major Government Data Leaks In Singapore That Explain Why We Must Prioritize Cybersecurity
Government Data Leaks Have Been On The Rise In Singapore
Singapore was ranked the safest country in the world based on a report by the World Justice Project in 2018. However, it seems that government data leaks are threatening our online safety.
In 2019 alone, there were 3 major government data leaks that affected millions of Singaporeans. Over the years, there have been other high profile cases that you may have forgotten.
We revisit a few breaches that threatened Singapore since the ‘internet age’.
1. Y2K bug in 1999
The Y2K bug, also known as the Millennium Bug, messed with the formatting and storage of calendar data right before the year 2000.
The bug affected Singaporeans at every level.
To our average Singaporeans, it may have been slightly troublesome. For example, the bug caused computerised taxi meters to stop working in Singapore.
Tech stock companies were dealt a more severe blow. Many saw their stocks nosediving and could do nothing about it. The rapid fall in stocks also forced certain banks to sell off business assets.
2. Anonymous attacks in 2013
The Anonymous case was one of the most iconic in Singapore’s history. The hackers donned the infamous Guy Fawkes mask whenever they appeared on screen to speak.
Anonymous is a decentralised hacktivist group that focuses on correcting injustices.
2 hackers, who declared themselves part of Anonymous, declared war on Singapore due to a new law on web censorship.
The group attacked PAP’s webpage, government data leaks employees’ personal information.
3. SingPass leaks in 2014
1,500 SingPass accounts were hacked into a few months after the Anonymous attacks.
The situation began when SingPass was informed of false password resets. People received letters informing them that they had reset their password when they did not do so.
At the time, 1560 SingPass accounts were potentially accessed.
Even after the breach, SingPass accounts were used for crimes such as fake work pass applications.
4. K Box Data Leaks in 2014
More than 300,000 K Box members had their mobile numbers, ID card numbers, and addresses leaked in Oct 2014.
This incident was due to Singapore raising her causeway toll rate which enraged hackers, “The Knowns”.
They threatened to leak more information from other companies if their conditions were not met. Fortunately, they never followed up on their threats.
The leak was attributed to their lacklustre effort to protect clients information.
5. WannaCry Ransomware 2017
WannaCry ransomware encrypts files in your computer preventing you from accessing it. Attackers would only decrypt the files if you paid them a sum in Bitcoin.
Fortunately, the ransomware did not hit Singapore as badly as others. Only 500 IP addressed were affected by this.
The software had was stopped from spreading as a ‘kill switch’ was found ending the saga.
6. MINDEF got hacked in 2017
MINDEF was hacked by an unknown group of people in 2017.
Fortunately, the hackers only got away with the personal data of 850 NSmen as MINDEF keeps its information on a seperate server.
Based on MINDEF’s statements, the attack was pre-meditated and could even have been sponsored by other states that were trying to steal classified information.
7. SingHealth got hacked in 2018
Singapore’s worst cyber attack so far happened in 2018. 1.5 million SingHealth patients had their personal particulars stolen.
But what shook Singapore the most was that the attacks were directed at our Prime Minister Mr Lee Hsien Loong himself.
8. HIV data leak in 2019
The ‘hottest’ data leak of 2019 was probably the pair that were involved in HIV leak.
Mr Farrera-Brochez, Mr Ler Teck Siang’s lover, was charged with fraud and drug-related offences in 2016. He was deported back to America in 2018 after he completed his jail term.
His name resurfaced again in 2019 as he was suspected to have leaked the personal information of over 14,200 HIV-positive individuals.
9. Blood-donors personal information exposed in 2019
Over 800,000 blood donors had their information leaked online due to a loophole in the system.
A cybersecurity expert was the first to spot the system fault. Thanks to his report, HSA disabled the database and the police were informed.
10. MOH, MOE accounts sold on the dark web in 2019
A Russia cyber-security group found details like usernames and passwords of accounts related to MOH, MOE, Singapore Police and NUS and payment care details on the dark web.
Based on a spokesman of A Smart Nation and Digital Government Group, the main reason for these leaks are the government data leaks email addresses.
Government email addresses were being used for personal purposes like sign-ups for events and marketing promotions.
Singapore Prioritizing Cybersecurity
Singapore’s track record doesn’t seem to be great considering that there were other small-scale cases not on this list.
However, when we look at the bigger picture, the government is doing a lot to improve cybersecurity.
During the Trump-Kim Summit, there were 40,000 attacks on Singapore. None managed to succeed due to measures put in place by the Cyber Security Agency of Singapore.
Privacy Ninja provides GUARANTEED quality and results for the following services:
DPO-As-A-Service (Outsourced DPO Subscription)
PDPA Compliance Training
PDPA Compliance Audit
Digital Transformation Consultancy
Data Protection Trustmarks Certification Readiness Consultancy
PDPA Data Protection Software
Vulnerability Assessment & Penetration Testing (VAPT)
Smart Contract Audit