Over 62K Emails From Local Security Firm Certis’ Customer Service Accounts Accessed by Cyber Hackers; Some Contained NRIC and Credit Card Numbers

Hackers in Singapore are having a particularly productive week.

On Monday, media outlets reported that the personal data of about 30,000 people who used the services of the National Trades Union Congress’ Employment and Employability Institute (e2i) may have been breached.

But not content with that, hackers then went after a security services organisation.

Around 62,000 e-mails from the public, businesses, and customers of Certis may have been breached by hackers.

According to ST, all the emails came from a customer service account belonging to the company – [email protected].

Certis said it began scanning the emails to check if any sensitive information or personal data was included, and they’ve already found some emails containing NRIC and credit card numbers.

This is not good.

The data breach came to light when some Certis customers received phishing e-mails from an account that appeared to belong to Certis.

Customers of Certis’ safe deposit box service were also affected by the data breach.

An Isolated Incident

Fortunately, after the firm’s IT team conducted an investigation, they concluded that this was an isolated incident.

What’s more, while hackers may have gained access to these emails, Certis’ customer database was not compromised as it was stored somewhere else.

Certis added that the phishing emails did not come from their customer service e-mail account on the Microsoft Office 365 cloud.

New Measures to Prevent Future Attacks

Certis is now taking the necessary steps to prevent such cyberattacks from occurring in the future.

The firm’s IT team has strengthened its authentication processes by requiring more frequent password changes and implementing two-factor authentication.

Moreover, Certis employees must now complete mandatory cyber-security training every year to arm them with the necessary skills to combat cyberattacks, such as identifying phishing emails.

Why the Delay?

The phishing emails were sent between 16 and 17 March, meaning Certis made the cyberattack known to the public three weeks after it happened.

Why?

The firm explained that because of the complexity of the investigations, “it has taken time to investigate the nature of the incident and assess the impact on affected individuals”.

It is progressively informing affected individuals who could be at risk as a precaution.

Monitor Transaction Logs Over the Next Few Weeks

Mr Ronald Poon, chief executive for Certis Singapore, apologised for the incident, saying that their operations remain secure and unaffected.

“Our e-mail system will undergo further reviews to mitigate vulnerabilities and enhance the protection of our data, and that of our customers”, he said.

Nevertheless, Certis customers should monitor transaction logs carefully in the next few weeks.

The Personal Data Protection Commission (PDPC) said it is investigating the matter.
