different species of crabvietnamese mud crab
Award Banner
Award Banner

Personal, property information of 70,000 people compromised in data breach involving SLA vendor IBM

The data set, which comprises mock and anonymised testing data based on property ownership and lodgement records, was found to contain names, NRIC numbers and property addresses
Personal, property information of 70,000 people compromised in data breach involving SLA vendor IBM
The data security incident involved a data set created for the purpose of vendor development and testing.
PHOTO: AsiaOne/Fitri Salleh

The personal information and property addresses of an estimated 70,000 people have been affected by a data security incident at the Singapore Land Authority (SLA), following unauthorised access to an IBM-managed cloud environment.

In a statement on Friday (July 3) afternoon, SLA said the unauthorised access involved a data set created for the purpose of vendor development and testing.

The data set, which was created in 1998 and updated periodically over the years, was intended to only contain mock and anonymised testing data based on property ownership and lodgement records.

However, it has since been found to contain the names, NRIC numbers, and property addresses of an estimated 70,000 people. 

According to SLA, this information should have been anonymised, but was not, with investigations underway to determine how this occurred. 

IBM has since revoked access associated with the affected development and testing environment to prevent any other unauthorised access.

The vendor supports and maintains SLA's Singapore Titles Automated Registration System (STARS) and eLodgement System (ELS), including the affected development and testing environment.

SLA assured the public that there is "no connection or compromise" to the live systems used for operations of STARS, ELS, or any other SLA systems.

"Property ownership and lodgment records in STARS and ELS remain secure and unaffected," the authority stated.

SLA added that it has identified those affected by the data breach, and has begun notifying them and advising them on how they can seek further information and assistance.

It is also working with IBM, the Government Technology Agency of Singapore and the Cyber Security Agency of Singapore to investigate the incident, establish the full facts, and ensure that the necessary remedial actions are taken.

A police report has since been lodged and a notification to the Personal Data Protection Commission has also been made. 

Apologising for the concern and inconvenience that may have been caused as a result of the incident, SLA advised members of the public to remain vigilant against phishing emails, phishing websites, text messages or telephone calls from parties claiming to represent Government agencies or other organisations.

[[nid:737865]]

[email protected] 

This website is best viewed using the latest versions of web browsers.