You’ve probably heard of one too many data breaches from Singapore, from the unfortunate data leak of HIV-positive people in Singapore to medical records of 1.5 million Singaporeans compromised in a cyberattack.
A few recent data breaches caused by mishandling of data by IT vendors have thus compelled the Singapore government to review its data handling policies, according to local media reports.
“The Smart Nation and Digital Government Office is currently reviewing the Government’s management of data, and will share more when ready,” said a spokesperson from the office to The Straits Times.
The office — in charge of driving the government’s digital transformation according to its website — will also be conducting a “deeper investigation” into an incident this month where personal details of some 800,000 blood donors were left exposed on the Internet for two months, the spokesperson told Channel NewsAsia.
The exposed database was discovered by a cybersecurity expert in March and had been reportedly left exposed since January after tech vendor Secur Solutions Group placed the information on an unsecured database.
The group was in charge of updating blood donor records.
“The findings will inform us of the measures that need to be implemented and the assistance that the Health Sciences Authority will require to rectify the situation,” the spokesperson added.
The recent data breaches come amid a bold plan by the Singapore government to digitalize all government services by 2023, according to a TODAY report.
A damning report released this week by Russian cybersecurity company Group-IB revealed that user login details and passwords from key government agencies such as the Singapore Police Force and Government Technology Agency (GovTech) were being put up for sale on the dark web, reported TODAY.
The dark web is a part of the Internet that is not visible to search engines and requires a special browser called Tor to access, thus anonymizing user activity and making cyber-crime possible.
However, a GovTech spokesperson said their investigations revealed only 119 accounts were in use out of the 50,000 accounts it discovered, and all affected personnel have since changed their passwords.