Given how much hackers can do with stolen data these days, it’s more important than ever to keep your personal information secure.
When this information is in the hands of someone else, however, this security is out of your control.
And if the proper precautions are not taken, your information can end up being breached.
2 Firms Fined $43K For Breaches That Affect Mindef & SAF Personnel’s Personal Data
This is what happened to HMI Institute of Health Sciences and ST Logistics, who were fined S$35,000 and S$8,000 respectively after two malware incidents in 2019.
The personal data of thousands of personnel from the Ministry of Defence (Mindef) and the Singapore Armed Forces (SAF) were breached in the two separate incidents.
The affected data included names, National Registration Identity Card (NRIC) numbers, addresses, email addresses, and telephone numbers.
So, what happened?
HMI Breach
For HMI, the trouble started on 4 Dec 2019, when they discovered that a file server had been encrypted by ransomware.
Ransomware is a type of malware, studied in the field of cryptovirology, that threatens to publish the victim's personal data or permanently block access to it unless a ransom is paid.
Earlier, the institute was contracted by the SAF to conduct cardiopulmonary resuscitation and automated external defibrillator training for Mindef and SAF personnel.
The file server which was blocked by ransomware contained the personal data of about 110,080 people who participated in HMI Institute’s training courses and 253 employees.
This included 98,000 SAF servicemen who attended the courses. Their names and NRICs were stored on the server.
Fortunately, when the institute hired a cybersecurity company to investigate the incident, it found no evidence that the data was extracted from the server.
Phew.
The Personal Data Protection Commission (PDPC), which gave out the fines, said HMI’s failure to put in place reasonable security measures put the personal data at risk for more than four years.
It had failed to implement proper password management policies as well.
PDPC noted that HMI Institute took prompt remedial actions, however.
ST Logistics’ Employees Fell For Phishing Attack
The ST Logistics breach went a little differently.
Employees of the logistics firm fell for a phishing attack after malware was sent to their email accounts in October 2019, leading to the data breach.
The data breach included 2,400 Mindef and SAF personnel. Their names were in ST Logistics’ system as the firm had provided logistics services such as eMart retail and equipping services for Mindef and SAF personnel.
The firm said there was no evidence that any of the data was leaked.
However, PDPC found that ST Logistics had failed to conduct periodic security reviews to detect vulnerabilities in its IT systems.
Consequently, anti-virus software was not updated, and advanced endpoint protection software, which detects newly released forms of malware, wasn’t installed on employees’ laptops.
As always, if you have sensitive information on your electronic devices, security is key.