"Personal data of 2,400 MINDEF, SAF personnel potentially affected; 2 vendors hit by malware
SINGAPORE: The personal data of 2,400 Ministry of Defence (MINDEF) and Singapore Armed Forces (SAF) personnel may be affected by a potential ST Logistics personal data breach.
ST Logistics said in a media release on Saturday (Dec 21) that the potential breach was a result of a recent series of email phishing activities involving malicious malware sent to its employees’ email accounts.
“This data, contained in working files residing in affected workstations, may have been exfiltrated,” it added.
MINDEF said in a statement that preliminary investigations indicate that the personal data could have been leaked.
The affected systems contained full names and NRIC numbers, and a combination of contact numbers, email addresses or residential addresses.
ST Logistics said that it had carried out “extensive forensic investigations” into these activities through its own cyber security team and with the support of external cyber security experts.
The company also added that it informed the Personal Data Protection Commission (PDPC) and the Singapore Computer Emergency Response Team (SingCERT) of the "possible breach" of personal data on Dec 16.
The company operates several logistics services, including an eMart retail and equipping servicefor MINDEF and SAF personnel since 1999.
“In some instances, to ensure that these services are carried out correctly, some personal data is utilised,” it said.
ST Logistics chief executive officer Loganathan Ramasamy said that the company is committed to ensuring that all personal data in the company’s possession is treated with “high standards of integrity”.
In a separate data incident, the HMI Institute of Health Sciences said that it discovered a file server to be encrypted by ransomware on Dec 4.
MINDEF and the SAF said they take a serious view on the secure handling of personal data by their vendors.
“The security of their IT systems is an important factor that will be taken into account in the award of contracts,” MINDEF said.
MINDEF added that it is also engaging other vendors who hold information of MINDEF and SAF personnel to strengthen the security of their IT systems.
The PDPC is also conducting investigations into both cases, MINDEF said.
In response to the malware incidents, Defence Cyber Chief Brigadier-General Mark Tan said: “The malware incidents affected the IT systems of our vendors. Although MINDEF/SAF’s systems and operations were not affected, the malware incidents in these vendor companies may have compromised the confidentiality of our personnel’s personal data."
He added that MINDEF and the SAF will review the cybersecurity standards of their vendors to ensure that they are able to protect their personnel’s personal data and information.
Affected personnel will be notified from Saturday, said MINDEF."
We had the medical data of PM Lee being affected the last time. It was probably no big deal.
Now the SAF personnel data had been breached, not sure what could happened? Will some covert personnel b put in danger? Like in some James Bond movies or other spy thrillers?
Hope not but just some rudimentary n trivial information were breached.
With these incidents is the practice of outsourcing need to b reviewed?
The SAF basically just outsourced to GLC companies that used to b part of the SAF?
It is not easy to keep Cybersecurity safe. Hope these can b kept to am absolute zero!!
SINGAPORE: The personal data of 2,400 Ministry of Defence (MINDEF) and Singapore Armed Forces (SAF) personnel may be affected by a potential ST Logistics personal data breach.
ST Logistics said in a media release on Saturday (Dec 21) that the potential breach was a result of a recent series of email phishing activities involving malicious malware sent to its employees’ email accounts.
“This data, contained in working files residing in affected workstations, may have been exfiltrated,” it added.
MINDEF said in a statement that preliminary investigations indicate that the personal data could have been leaked.
The affected systems contained full names and NRIC numbers, and a combination of contact numbers, email addresses or residential addresses.
ST Logistics said that it had carried out “extensive forensic investigations” into these activities through its own cyber security team and with the support of external cyber security experts.
The company also added that it informed the Personal Data Protection Commission (PDPC) and the Singapore Computer Emergency Response Team (SingCERT) of the "possible breach" of personal data on Dec 16.
The company operates several logistics services, including an eMart retail and equipping servicefor MINDEF and SAF personnel since 1999.
“In some instances, to ensure that these services are carried out correctly, some personal data is utilised,” it said.
ST Logistics chief executive officer Loganathan Ramasamy said that the company is committed to ensuring that all personal data in the company’s possession is treated with “high standards of integrity”.
In a separate data incident, the HMI Institute of Health Sciences said that it discovered a file server to be encrypted by ransomware on Dec 4.
MINDEF and the SAF said they take a serious view on the secure handling of personal data by their vendors.
“The security of their IT systems is an important factor that will be taken into account in the award of contracts,” MINDEF said.
MINDEF added that it is also engaging other vendors who hold information of MINDEF and SAF personnel to strengthen the security of their IT systems.
The PDPC is also conducting investigations into both cases, MINDEF said.
In response to the malware incidents, Defence Cyber Chief Brigadier-General Mark Tan said: “The malware incidents affected the IT systems of our vendors. Although MINDEF/SAF’s systems and operations were not affected, the malware incidents in these vendor companies may have compromised the confidentiality of our personnel’s personal data."
He added that MINDEF and the SAF will review the cybersecurity standards of their vendors to ensure that they are able to protect their personnel’s personal data and information.
Affected personnel will be notified from Saturday, said MINDEF."
We had the medical data of PM Lee being affected the last time. It was probably no big deal.
Now the SAF personnel data had been breached, not sure what could happened? Will some covert personnel b put in danger? Like in some James Bond movies or other spy thrillers?
Hope not but just some rudimentary n trivial information were breached.
With these incidents is the practice of outsourcing need to b reviewed?
The SAF basically just outsourced to GLC companies that used to b part of the SAF?
It is not easy to keep Cybersecurity safe. Hope these can b kept to am absolute zero!!
No comments:
Post a Comment