The Singapore government is to establish a new Data Security Office and implement a number of measures to better safeguard citizen information following a series of serious government data leaks.
The decision to set up the new unit, which will be part of the Prime Minister’s Office, comes after a committee found that 75% of government agencies are not keeping up with existing data security legislation in at least one area.
According to GovInsider, the Public Sector Data Security Review Committee began its review into how the government handles citizen data on 31 March, in the wake of major breaches, including the SingHealth leak of personal information belonging to 1.5 million healthcare patients.
Having inspected 366 systems across Singapore’s 94 public sector agencies, the committee made a number of recommendations. The government has pledged to roll out measures that will satisfy the recommendations in 80% of its systems by the end of 2021 and the remaining 20% by the end of 2030.
The recommendations include making public sector leaders accountable for putting in place a “strong organizational data security regime,”; encouraging cultural change within agencies on how data is used and shared, and training all civil servants in data security.
Singapore was ranked the safest country in the world based on a report by the World Justice Project in 2018. However, it seems that government data leaks are threatening our online safety. In 2019 alone, three major government data leaks affected millions of Singaporeans. Over the years, there have been other high-profile cases that you may have forgotten.
We revisit a few breaches that threatened Singapore since the internet age.
The Y2K bug, also known as the Millennium Bug, messed with the formatting and storage of calendar data right before the year 2000. The bug affected Singaporeans at every level.
To our average Singaporeans, it may have been slightly troublesome. For example, the bug caused computerized taxi meters to stop working in Singapore.
Tech stock companies were dealt a more severe blow. Many saw their stocks nosediving and could do nothing about it. The rapid fall in stocks also forced certain banks to sell off business assets.
The Anonymous case was one of the most iconic in Singapore’s history. The hackers donned the infamous Guy Fawkes mask whenever they appeared on screen to speak. Anonymous is a decentralized hacktivist group that focuses on correcting injustices.
Two hackers, who declared themselves part of Anonymous, declared war on Singapore due to a new law on web censorship. The group attacked PAP’s webpage, and government data leaked employees’ personal information.
1,500 SingPass accounts were hacked into a few months after the Anonymous attacks.
The situation began when SingPass was informed of false password resets. People received letters informing them that they had reset their password when they did not do so. At the time, 1560 SingPass accounts were potentially accessed.
Even after the breach, SingPass accounts were used for crimes such as fake work pass applications.
More than 300,000 K Box members had their mobile numbers, ID card numbers, and addresses leaked in Oct 2014. This incident was due to Singapore raising her causeway toll rate, which enraged hackers, “The Knowns”. They threatened to leak more information from other companies if their conditions were not met.
Fortunately, they never followed up on their threats.
The leak was attributed to their lackluster effort to protect clients’ information.
WannaCry ransomware encrypts files in your computer, preventing you from accessing it. Attackers would only decrypt the files if you paid them a sum in Bitcoin. Fortunately, the ransomware did not hit Singapore as badly as others. Only 500 IP addresses were affected by this.
The software was stopped from spreading as a ‘kill switch’ was found, ending the saga.
Also read: How Being Data Protection Trained Can Help With Job Retention
An unknown group of people hacked MINDEF in 2017. Fortunately, the hackers only got away with the personal data of 850 NSmen as MINDEF keeps its information on a separate server.
Based on MINDEF’s statements, the attack was pre-meditated and could even have been sponsored by other states that were trying to steal classified information.
Singapore’s worst cyber attack so far happened in 2018. 1.5 million SingHealth patients had their personal particulars stolen. But what shook Singapore the most was that the attacks were directed at our Prime Minister, Mr. Lee Hsien Loong himself.
The ‘hottest’ data leak of 2019 was probably the pair that were involved in the HIV leak. Mr. Farrera-Brochez, Mr. Ler Teck Siang’s lover, was charged with fraud and drug-related offenses in 2016. He was deported back to America in 2018 after he completed his jail term.
His name resurfaced again in 2019 as he was suspected of having leaked the personal information of over 14,200 HIV-positive individuals.
Over 800,000 blood donors had their information leaked online due to a loophole in the system.
A cybersecurity expert was the first to spot the system fault. Thanks to his report, HSA disabled the database and the police were informed.
A Russian cyber-security group found details like usernames and passwords of accounts related to MOH, MOE, Singapore Police, and NUS and payment care details on the dark web. Based on a spokesman of A Smart Nation and Digital Government Group, the main reason for these leaks are the government data leaks email addresses.
Government email addresses were being used for personal purposes like sign-ups for events and marketing promotions.
Singapore’s track record doesn’t seem to be great, considering that other small-scale cases were not on this list. However, when we look at the bigger picture, the government is doing a lot to improve cybersecurity.
During the Trump-Kim Summit, there were 40,000 attacks on Singapore. None managed to succeed due to measures put in place by the Cyber Security Agency of Singapore.
Also read: 12 brief explanation about the benefits of data protection for business success
Importance of Efficient Access Controls that every Organisation in Singapore should take note of. Enhancing…
Prioritizing Security Measures When Launching a Webpage That Every Organisation in Singapore should take note…
Importance of Regularly Changing Passwords for Enhance Online Security that every Organisation in Singapore should…
Comprehensive Approach to Data Protection and Operational Integrity that every Organsiation in Singapore should know…
Here's the importance of Pre-Launch Testing in IT Systems Implementation for Organisations in Singapore. The…
Understanding Liability in IT Vendor Relationships that every Organisation in Singapore should look at. Understanding…
This website uses cookies.
