Privacy Ninja



        • Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Lessons from PDPC Incident and Undertaking: August 2021 Cases

Lessons from PDPC Incident and Undertaking: August 2021 Cases

It is the bounden duty of business organizations to keep abreast with the latest PDPC incident and undertaking
It is the bounden duty of business organizations to keep abreast with the latest PDPC incident and undertaking

The latest decisions for the month of August of the Personal Data Protection Committee (PDPC) has been published on their official website.

Tasked with the administration and enforcement of Singapore’s Personal Data Protection Act (PDPA), the PDPC aims to balance the protection of individuals’ personal data with organizations’ need to use the data for legitimate purposes.

In doing so, PDPC publishes their decisions on their website, open to the perusal of any interested party on the internet. Thus, for better adherence with the data security standards, it is the bounden duty of business organizations to keep abreast with the latest PDPC incident and undertaking.

Let’s have a review of these August 2021 cases to learn a thing or two on cybersecurity.

Also Read: 5 Types of Ransomware, Distinguished

August 12: Singapore Telecommunications Limited, unsuccessful social engineering scam

Our first case of PDPC incident and undertaking involves Singapore Telecommunications Limited, or Singtel for short. The subject organization has reported to the PDPC in July 15 an incident that took place two days prior. According to the filed information, a threat actor was able to gain access to 17 subscriber accounts and has requested for issuance of new SIM cards and performance of other telco services, barring the rightful account owners from opening their account.

Singtel‘s investigations revealed that the incident was due to a coordinated social engineering tactics employed against their staff. Once the staff accounts were infiltrated, the perpetrator then gained control of subscriber accounts.

Fortunately, no evidence was found suggesting any damage to the Singtel IT System’s integrity. No data was reported to have been exfiltrated or compromised because of the incident since STL has enforced the following reasonable security arrangements:

  • Password requirements in security policies, standards and guidelines were aligned to industry best practices;
  • Systems and network enhancements were continually implemented to improve the security of applications and IT infrastructure;
  • Comprehensive and annual mandatory training was conducted for all staff in relation to the requirements under the PDPA; and
  • Reasonable security measures were in place for the work environment of all staff based locally and overseas.

With Singtel’s quick response, the effects of the breach was mitigated through suspension of compromised staff accounts and by password resets. Verily the Deputy Commissioner for Personal Data Protection decided that Singtel had met its Protection Obligation in the incident.

August 12: Equity Solution Pte Ltd, phishing scam remedial actions

Our second case of PDPC incident and undertaking involves Equity Solution Pte Ltd, or ESPL for short. This Singapore-based mortgage consultancy firm, was subjected to a phishing attack after an employee opened an email attachment laced with macro-enabled malware.

The breach that ensued lead to the exploitation of about 1,359 private individual data, including: individuals’ names, addresses, dates of birth, NRIC numbers, passport numbers and financial information.

This is where hiring an outsourced DPO can help. Aside from the fact that it is mandatory under the PDPA, an outsourced Data Protection Officer (DPO) oversees data protection responsibilities and ensures that organizations comply with the Personal Data Protection Act (PDPA).

The PDPC found ESPL to have insufficient training for its staff on basic cybersecurity and data protection measures; plus, it has a weak IT security policy and no security risk management of some sort. Thus, the ESPL made efforts to address the raised concerns by improving its personal data protection practices, as reflected on their Undertaking.

The strategy involved a well-crafted remediation plan containing the herein enumerated procedures:

  • Secured files and documents using password protection; 
  • Hardened its operating system;
  • Implemented a strong password protection policy;
  • Reviewed and updated its email usage policy; 
  • Implemented training and awareness programs for its employees; and
  • Reviewed and updated its personal data protection policy.

After the PDPC’s evaluation, ESPL was found to have complied with the terms of the Undertaking.

These two cases of PDPC incident and undertaking are once again illustrative of the important role cybersecurity plays when it comes to compliance with the PDPA, or any private information protection policy for that matter.

By being up to date on the latest decisions of the Commission, your organization is further equipped with the appropriate knowledge through true-to-life incidents when it comes to handling data breaches.

This adds to your overall preparedness in the event that you face the same security compromises.

Also Read: Data Minimization; Why Bigger is Not Always Better



Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection


We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.


Click one of our contacts below to chat on WhatsApp

× Chat with us