Privacy Ninja



        • Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

The 10 Government data leaks in Singapore

The 10 Government data leaks in Singapore

10 Government Data Leaks In Singapore

The Singapore government is to establish a new Data Security Office and implement a number of measures to better safeguard citizen information following a series of serious government data leaks. 

The decision to set up the new unit, which will be part of the Prime Minister’s Office, comes after a committee found that 75% of government agencies are not keeping up with existing data security legislation in at least one area.

According to GovInsider, the Public Sector Data Security Review Committee began its review into how the government handles citizen data on 31 March, in the wake of major breaches, including the SingHealth leak of personal information belonging to 1.5 million healthcare patients.

Having inspected 366 systems across Singapore’s 94 public sector agencies, the committee made a number of recommendations. The government has pledged to roll out measures that will satisfy the recommendations in 80% of its systems by the end of 2021 and the remaining 20% by the end of 2030.

The recommendations include making public sector leaders accountable for putting in place a “strong organizational data security regime,”; encouraging cultural change within agencies on how data is used and shared, and training all civil servants in data security.

10 major government data leaks in Singapore that explain why we must prioritize cybersecurity

Government data leaks have been on the rise in Singapore

Singapore was ranked the safest country in the world based on a report by the World Justice Project in 2018. However, it seems that government data leaks are threatening our online safety. In 2019 alone, three major government data leaks affected millions of Singaporeans. Over the years, there have been other high-profile cases that you may have forgotten.

We revisit a few breaches that threatened Singapore since the internet age.

1. Y2K bug in 1999

The Y2K bug, also known as the Millennium Bug, messed with the formatting and storage of calendar data right before the year 2000. The bug affected Singaporeans at every level.

To our average Singaporeans, it may have been slightly troublesome. For example, the bug caused computerized taxi meters to stop working in Singapore.

Tech stock companies were dealt a more severe blow. Many saw their stocks nosediving and could do nothing about it. The rapid fall in stocks also forced certain banks to sell off business assets.

2. Anonymous attacks in 2013

The Anonymous case was one of the most iconic in Singapore’s history. The hackers donned the infamous Guy Fawkes mask whenever they appeared on screen to speak. Anonymous is a decentralized hacktivist group that focuses on correcting injustices.

Two hackers, who declared themselves part of Anonymous, declared war on Singapore due to a new law on web censorship. The group attacked PAP’s webpage, and government data leaked employees’ personal information.

3. SingPass leaks in 2014

1,500 SingPass accounts were hacked into a few months after the Anonymous attacks.

The situation began when SingPass was informed of false password resets. People received letters informing them that they had reset their password when they did not do so. At the time, 1560 SingPass accounts were potentially accessed.

Even after the breach, SingPass accounts were used for crimes such as fake work pass applications.

4. K Box Data Leaks in 2014

More than 300,000 K Box members had their mobile numbers, ID card numbers, and addresses leaked in Oct 2014. This incident was due to Singapore raising her causeway toll rate, which enraged hackers, “The Knowns”. They threatened to leak more information from other companies if their conditions were not met.

Fortunately, they never followed up on their threats.
The leak was attributed to their lackluster effort to protect clients’ information.

5. WannaCry Ransomware 2017

WannaCry ransomware encrypts files in your computer, preventing you from accessing it. Attackers would only decrypt the files if you paid them a sum in Bitcoin. Fortunately, the ransomware did not hit Singapore as badly as others. Only 500 IP addresses were affected by this.

The software was stopped from spreading as a ‘kill switch’ was found, ending the saga.

Also read: How Being Data Protection Trained Can Help With Job Retention

6. MINDEF got hacked in 2017

An unknown group of people hacked MINDEF in 2017. Fortunately, the hackers only got away with the personal data of 850 NSmen as MINDEF keeps its information on a separate server.
Based on MINDEF’s statements, the attack was pre-meditated and could even have been sponsored by other states that were trying to steal classified information.

7. SingHealth got hacked in 2018

Singapore’s worst cyber attack so far happened in 2018. 1.5 million SingHealth patients had their personal particulars stolen. But what shook Singapore the most was that the attacks were directed at our Prime Minister, Mr. Lee Hsien Loong himself.

8. HIV data leak in 2019

The ‘hottest’ data leak of 2019 was probably the pair that were involved in the HIV leak. Mr. Farrera-Brochez, Mr. Ler Teck Siang’s lover, was charged with fraud and drug-related offenses in 2016. He was deported back to America in 2018 after he completed his jail term.
His name resurfaced again in 2019 as he was suspected of having leaked the personal information of over 14,200 HIV-positive individuals.

9. Blood-donors personal information exposed in 2019

Over 800,000 blood donors had their information leaked online due to a loophole in the system.

A cybersecurity expert was the first to spot the system fault. Thanks to his report, HSA disabled the database and the police were informed.

10. MOH, MOE accounts sold on the dark web in 2019

A Russian cyber-security group found details like usernames and passwords of accounts related to MOH, MOE, Singapore Police, and NUS and payment care details on the dark web. Based on a spokesman of A Smart Nation and Digital Government Group, the main reason for these leaks are the government data leaks email addresses.

Government email addresses were being used for personal purposes like sign-ups for events and marketing promotions.

Singapore Prioritizing Cybersecurity

Singapore’s track record doesn’t seem to be great, considering that other small-scale cases were not on this list. However, when we look at the bigger picture, the government is doing a lot to improve cybersecurity.

During the Trump-Kim Summit, there were 40,000 attacks on Singapore. None managed to succeed due to measures put in place by the Cyber Security Agency of Singapore.

Also read: 12 brief explanation about the benefits of data protection for business success



Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection


We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.


Click one of our contacts below to chat on WhatsApp

× Chat with us