Personal Data of 70,000 in Singapore Exposed in IBM-Managed Cloud Security Incident

July 4 — The personal data of approximately 70,000 individuals in Singapore has been exposed in a cybersecurity incident involving an IBM-managed cloud environment, the Singapore Land Authority (SLA) announced on Friday.

The SLA said preliminary investigations revealed unauthorised access to a data set created solely for vendor development and testing within a cloud environment managed by IBM for the Singapore Titles Automated Registration System (STARS) and the eLodgment System (ELS). IBM serves as the appointed vendor to support and maintain these systems for the SLA.

According to the authority, the data set was originally created in 1998 and updated periodically over subsequent years. It was intended to contain only mock and anonymised testing data based on property ownership and lodgment records. However, the SLA has since uncovered that the data set also contained the names, National Registration Identity Card (NRIC) numbers, and property addresses of an estimated 70,000 individuals. “This information should have been anonymised but was not. Investigations are ongoing to determine how this occurred,” the SLA stated.

The SLA stressed that the affected testing environment managed by IBM is distinct and separate from the authority’s operational systems. “There is no connection or compromise to the live systems used for operations of STARS, ELS or any other SLA systems,” the authority said. Property ownership and lodgment records in the operational systems remain secure and unaffected.

IBM has revoked access associated with the affected development and testing environment to prevent any further unauthorised access. As a precautionary measure, the SLA has identified the individuals whose information was contained in the affected data set and has begun notifying them, while advising them on how to seek further information and assistance.

The SLA is working closely with IBM, the Government Technology Agency of Singapore, and the Cyber Security Agency of Singapore to investigate the incident, establish the full facts, and ensure that necessary remedial measures are taken. A police report has been filed and the Personal Data Protection Commission has been notified.

The authority has also advised members of the public to remain vigilant against phishing emails, phishing websites, text messages, or telephone calls from parties claiming to represent government agencies or other organisations while investigations are ongoing. The SLA apologised for the concern and inconvenience this incident may cause.

Leave a Reply

Your email address will not be published. Required fields are marked *