Privacy Ninja



        • Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

PDPC new undertaking 2023: Nippon Express

PDPC new undertaking 2023
The PDPC new undertaking 2023 is here to serve as a case study for Singapore organisations

PDPC new undertaking 2023: Nippon Express Group

A new year, a new set of decisions and undertakings are upon us to look into to guide us in our cybersecurity compliance and path. All year round, these cases will pave the way for the organisations’ added security measures to keep bad actors at bay.

The PDPC new undertaking 2023 has been published on PDPC’s official website. For this month of January, one (1) case has been issued covering the undertaking given to Nippon Express after a malicious actor targeted it.

It should be noted that the Personal Data Protection Act (PDPA) aims to balance the organizations’ needs to use data for legitimate purposes with the protection of individuals’ personal information as it is tasked with administration and enforcement.

In doing so, the decisions conducted by PDPC are published on their website, which is open to all who want to read the latest data security standards set by the PDPC. With this, for the better observance of organizations with such standards, it is their duty to be kept updated with the latest PDPC incident and undertakings.

Let’s have a look at the PDPC new undertaking 2023 case with the latest cybersecurity updates to date.

This undertaking aims to ensure that organizations are aware of the latest advancements in cybersecurity and can take the necessary steps to protect the personal data they handle.

PDPC new undertaking 2023: Nippon Express

This month’s only decision involves Nippon Express’ undertaking by the Personal Data Protection Commission (PDPC). On November 14, 2021, Nippon was targeted by a bad actor, which resulted in its several servers and endpoints being encrypted with an unknown ransomware variant.

Nippon centrally manages such servers, and at the time of the incident, the affected servers contained not only the personal data from the organisation itself but also the personal data of Nippon Express (South Asia & Oceania) Pte Ltd and NEX Global Engineering Pte Ltd.

With this, the personal data of 1,077 individuals were affected, including their names, addresses, telephone numbers, NRIC numbers, passport numbers, photographs, date of birth, health information, and financial information.

Upon investigation, it was found that Nippon Express lacked MFA for administrative and remote access to all systems; and inadequate security reviews to identify vulnerabilities within its infrastructure.

With this, Nippon Express implemented the following remedial actions:

(a) Implemented MFA for all administrative and remote access;
(b) Reviewed Active Directory accounts;
(c) Performed an external and internal vulnerability assessment;
(d) Ensured all software and operating systems were updated with patches;
(e) Ensured the usage of strong passwords;
(f) Implemented enterprise-grade anti-virus software;
(g) Implemented 3-2-1 backup rule; and
(h) Remove remote access tools.

After considering the facts of the case, including Nippon Express Group’s remedial actions to enhance its personal data protection procedures, the Commission accepted Nippon Express’s undertaking to strengthen its compliance with the Personal Data Protection Act 2012.

Bad actors are lurking, conduct a pen test now to check if your organisation has vulnerabilities that they can exploit!

Penetration testing to combat vulnerabilities

With bad actors lurking around, an organisation must not have vulnerabilities lying around. Since the naked eye cannot see this, it is a best practice for every organisation in Singapore to conduct periodic penetration testing to ensure that every vulnerability present is identified and patched up so that bad actors can’t get a hold of them. 

Privacy Ninja can assist you in this endeavor by providing penetration testing services, which check if your organisation has vulnerabilities that could be exploited by bad actors, whether in your email environment or your organisation in general. 

Privacy Ninja has years of experience in cybersecurity and offers quality services, as evidenced by the feedback from its clients as the years go by. It is a licensed VAPT provider (Penetration Testing Service License No. CS/PTS/C-2022-0128) and has the best team of professionals who are experts in their field, leaving no stone unturned in checking for any vulnerabilities in your system or organisation as a whole. 

Moreover, we work hand in hand with our clients and deliver results on time, especially when there is a hint of vulnerabilities that need to be checked. Most importantly, Privacy Ninja has a Price Beat Guarantee, which makes the service even more affordable but will not leave the quality of services each client deserves. 

What are you waiting for? Choose Privacy Ninja now as your penetration testing partner and experience the quality of services brought to you by cybersecurity experts at an affordable price, Price Beat Guarantee!

Watch Nippon Express Singapore Malicious Attack



Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection


We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.


Click one of our contacts below to chat on WhatsApp

× Chat with us