Home Technology Data of 70,000 people compromised in cybersecurity...
Technology

Data of 70,000 people compromised in cybersecurity incident involving SLA’s vendor and its cloud environment

Data of 70,000 people compromised in cybersecurity incident involving SLA’s vendor and its cloud environment
Key Points

Data of 70,000 people compromised in cybersecurity incident involving SLA’s vendor IBM Information in the compromised IBM-managed cloud environment included the names, NRIC numbers, and then-property addresses of 70,000 people and was not anonymised. SINGAPORE: The Singapore Land Authority (SLA) said on Friday (Jul 3) that it had been informed of a security incident involving unauthorised access at one of its vendor’s systems that contained the data of 70,000 people. Preliminary...

Data of 70,000 people compromised in cybersecurity incident involving SLA’s vendor IBM Information in the compromised IBM-managed cloud environment included the names, NRIC numbers, and then-property addresses of 70,000 people and was not anonymised. SINGAPORE: The Singapore Land Authority (SLA) said on Friday (Jul 3) that it had been informed of a security incident involving unauthorised access at one of its vendor’s systems that contained the data of 70,000 people. Preliminary investigations indicate that there was unauthorised access to an IBM-managed cloud environment, SLA said in a press release. IBM is the vendor appointed to support and maintain SLA’s Singapore Titles Automated Registration System (STARS) and eLodgment System (ELS), and it managed their development and systems-integration testing environments. “Preliminary investigations indicate that there was unauthorised access to a data set created for the sole purpose of vendor development and testing,” said SLA. The data set was created in 1998 and updated periodically over the subsequent years. It was intended to contain only mock and anonymised testing data based on property ownership and lodgment records. “However, SLA has since uncovered that it also contained the names, NRIC numbers, and then property addresses of an estimated 70,000 individuals,” said the authority. “This information should have been anonymised but was not. Investigations are ongoing to determine how this occurred.” The authority said the affected environment managed by IBM is distinct and separate from SLA’s operational systems. “There is no connection or compromise to the live systems used for operations of STARS, ELS or any other SLA systems. Property ownership and lodgment records in STARS and ELS remain secure and unaffected.” IBM has revoked access associated with the affected development and testing environment to prevent any other unauthorised access, added SLA. As a precautionary measure, the authority has identified the individuals whose information was contained in the affected data set and has begun notifying them and advising them on how they can seek further information and assistance. “SLA is working closely with IBM, the Government Technology Agency of Singapore and the Cyber Security Agency of Singapore to investigate the incident, establish the full facts and ensure that the necessary remedial measures are taken,” the authority said It has also lodged a police report and notified the Personal Data Protection Commission. “As investigations are ongoing, we advise members of the public to remain vigilant against phishing emails, phishing websites, text messages or telephone calls from parties claiming to represent government agencies or other organisations,” it said.
SLA (ORG) IBM Information (ORG) IBM (ORG) NRIC (ORG) The Singapore Land Authority (ORG) Singapore (LOCATION) eLodgment System (ORG) ELS (ORG) the Government Technology Agency of Singapore (ORG) the Cyber Security Agency (ORG) the Personal Data Protection Commission (ORG)
Originally published by Channel News Asia Read original →