E-mail log-in information of employees in several government agencies & educational institutions, as well as details of more than 19,000 compromised payment cards from banks here, have been put up for sale online by hackers.
Russian cyber-security company Group-IB revealed on Tuesday (Mar 19) that it discovered the user log-ins and passwords from several government organisations on the dark Web over the last two years. The compromised payment card information, which it said was valued at more than $600,000, was found last year.
According to a press release from Group-IB, the organisations involved include the Government Technology Agency (GovTech), Ministry of Education, Ministry of Health and the Singapore Police Force, as well as the National University of Singapore.
read more
GovTech, MOH among govt agencies with compromised logins on sale online
CREDENTIALS from several government agencies and educational institutions, as well as more than 19,000 compromised payment cards from banks in Singapore, have been put up for sale online by hackers.
Russian cybersecurity company Group-IB revealed on Tuesday that it discovered the user log-ins and passwords from several government organisations on the dark Web over the last two years. The compromised payment card information, which it said was valued at more than S$600,000, was found last year.
According to a press release from Group-IB, the organisations involved include the Government Technology Agency (GovTech), Ministry of Education, Ministry of Health & the Singapore Police Force, as well as the National University of S'pore.
read more
Govt's data management under review following CHAS error, blood donor data leak
The Government's management of data is being reviewed in light of cases of information mishandling by IT vendors.
More details on the review will be shared when ready, said the Smart Nation & Digital Government Group (SNDGG) on Friday (Mar 22), in response to queries by Channel NewsAsia.
“The Smart Nation and Digital Government Office is currently reviewing the Government’s management of data, and will share more when ready," it said.
read more
Spike in measles cases since start of year
The number of measles cases since the start of the year is more than 3 times that of the same period last year, but no deaths have been reported, said the Ministry of Health (MOH).
In the first 11 weeks of the year, there were 38 cases of measles, compared with 11 cases last year.
It is also the highest number recorded for the first 11-week period since 2015.
read more
Data leak: Several blood donor's information that was mishandled, now accessed illegally and possibly extracted
The vendor of Singapore's Health Sciences Authority (HSA), Secur Solutions Group (SSG) was accused of mishandling the data of more than 800000 blood donors in 2019. On Saturday the same group said that stated that the information, including names and NRIC numbers, went online was accessed illegally and probably extracted.
Personal Data Protection Commission (PDPC) informed HSA after they were alerted to the database vulnerability on March 13. Then the HSA contacted the SSF to remove the unsecured database from the Internet and then secured the information.
Initial investigations conducted by HAS claimed that other than the cyber experts, who identified the vulnerability, no other unauthorised person had accessed the online data.
read more
Blood donor data leak: HSA's vendor says information that went online was accessed illegally and possibly extracted
Secur Solutions Group (SSG), a vendor of the Health Sciences Authority (HSA) that mishandled the data of more than 800,000 blood donors earlier this year, on Saturday (Mar 30) said that information was accessed illegally and possibly extracted.
The information, which included names and NRIC numbers, was only secured on Mar 13 after a cybersecurity expert discovered the vulnerability and alerted authorities. Preliminary investigations by HSA showed that other than the expert who flagged the vulnerability, no other unauthorised person had accessed the database online.
Now SSG has said that its server was also accessed suspiciously from several other IP addresses.
read more
Personal data of 808,000 blood donors compromised for nine weeks; HSA lodges police report
The personal data of more than 808,000 blood donors ended up on the Internet in January — and was left there for nine weeks — by a vendor of the Health Sciences Authority (HSA), the authorities said on Friday (March 15).
The data was taken down two days ago and secured, after a cyber-security expert discovered the vulnerability and alerted the Personal Data Protection Commission.
HSA chief executive Mimi Choong said she was “deeply sorry” for the vendor's lapse and assured donors that the centralised blood bank system is not affected.
related: IT slip-up at HSA: Blood donors concerned, but will not stop giving blood
read more
Insecure Database Exposes 800,000 Singapore Blood Donors
The personal information of 808,201 blood donors who registered to donate since 1986 in Singapore was exposed after the database which contained it was left unprotected on an Internet-facing server for more than two months.
According to The Straits Times who first reported the data leak incident, Singapore's Health Sciences Authority (HSA) received the initial report on March 13 from the security expert who discovered the unsecured database.
The HSA said in a notification sent to the affected donors that Secur Solutions Group Pte Ltd (SSG), an HSA vendor, was the company which failed to appropriately protect the database against access over the internet:
SSG provides services to HSA and was working on a database containing registration-related information of 808,201 blood donors: Name, NRIC, gender, number of blood donations, dates of the last three blood donations, and in some cases, blood type, height and weight. The database contained no other sensitive, medical or contact information.read more
Personal data of over 800,000 blood donors put online by vendor: HSA
The database contained information such as name, NRIC, gender, blood type and dates of blood donations and did not contain other sensitive, medical or contact information, the HSA said in a statement on Friday (15 March).
The authority said preliminary findings show that a cyber security expert discovered the vulnerability and alerted the Personal Data Protection Commission on Wednesday.
HSA then contacted the vendor, Secur Solutions Group (SSG), to disable access to the database, and made a police report.
read more
Doctor at heart of HIV data leak suspended from practising for 9 months
The doctor at the centre of the HIV data leak in Singapore could face further disciplinary action after his medical registration was suspended for nine months, the Singapore Medical Council (SMC) announced on Tuesday (Mar 12).
Ler Teck Siang was found guilty in September last year for helping his partner Mikhy Farrera Brochez deceive the Ministry of Manpower (MOM) about Brochez's HIV-positive status, and for giving false information to the Ministry of Health (MOH) and the police.
The suspension, which came into effect on Mar 7, was ordered by an Interim Orders Committee (IOC), said the SMC.
related: Doctor at heart of HIV data leak claims he lied to police to 'retaliate' against MOH 'discrimination'
read more
MOH: IT error causes about 7,700 Singaporeans to receive wrong CHAS subsidies
The Ministry of Health (MOH) released a statement on February 16 (Saturday), saying that about 7,700 people who applied or renewed their Community Health Assist Scheme (CHAS) cards between September and October last year received miscalculated subsidies. The error was caused by a computer system malfunction. CHAS is an initiative by the government to provide healthcare subsidies to its members.
According to an article published by Channel NewsAsia, about 1,300 of the individuals affected by the software issue received lower subsidies while the other 6,400 got more than what was due to them. The excess and deficit amounts were estimated to be about S$2 million and S$400,000 respectively. The S$2 million will be covered for by NCS, the IT services and solutions provider who administered the computer system, as per their contract.
The individuals who received lower subsidies will have the lacking amount reimbursed. On the other hand, those who got an excess could keep the difference.
read more
HIV status of 14,200 people leaked online
UNAUTHORISED POSSESSION AND DISCLOSURE OF INFORMATION FROM HIV REGISTRY
Following an alert by the Police, the Ministry of Health (MOH) has ascertained that confidential information regarding 14,200 individuals diagnosed with HIV up to January 2013, and 2,400 of their contacts, is in the possession of an unauthorised person. The information has been illegally disclosed online. We have worked with the relevant parties to disable access to the information.
We are sorry for the anxiety and distress caused by this incident. Our priority is the wellbeing of the affected individuals. Since 26 January, we have been progressively contacting the individuals to notify them and render assistance.
On 22 January, MOH was notified by the Police that confidential information from MOH’s HIV Registry[1] may have been disclosed by an unauthorised person. MOH made a Police report on 23 January. On 24 January, MOH ascertained that the information matched the HIV Registry’s records up to January 2013.From 24 to 25 January, MOH worked with the relevant parties to disable access to the information.
read more
SingHealth system hit by 'massive' cyberattack
Fear, trust and a willingness to help others
In the wake of Singapore's worst data breach to date, members of the public need to be alert to scammers who may tap on these emotions to trick them into giving up even more personal information, warned cybersecurity experts.
The authorities revealed last Friday that hackers had accessed the personal information of some 1.5 million people who visited SingHealth's hospitals, specialist centres & polyclinics between May 1, 2015, and July 4 this year.
Experts that The New Paper spoke to said such incidents could lead to identity theft, fraud & social engineering attacks, which use human psychology to manipulate victims into revealing confidential information.
read more
related:
Spate of Online Scams
Spate of NUS molestation cases
Spate of fires linked to charging of PMDs
Spate of maid abuse cases
Spate of Mishaps at crown Jewel
Spate of Scoot 'flight disruptions'
Spate of fires linked to charging of PMDs
Spate of maid abuse cases
Spate of Mishaps at crown Jewel
Spate of Scoot 'flight disruptions'
Spate of Teacher-Student Misconduct
Spate of SingPost 'service failures'
Spate of Data Breaches In Singapore
Spate of MOH's slip-ups
Spate of food poisoning cases
Spate of molestation and outrage of modesty
Spate of MRT disruptions
Spate of e-bike accidents
Spate of cars flipping over
Spate of facade cladding falling off
Spate of Escalator accidents
Spate of lift accidents
Spate of SingPost 'service failures'
Spate of Data Breaches In Singapore
Spate of MOH's slip-ups
Spate of food poisoning cases
Spate of molestation and outrage of modesty
Spate of MRT disruptions
Spate of e-bike accidents
Spate of cars flipping over
Spate of facade cladding falling off
Spate of Escalator accidents
Spate of lift accidents
