IT Company Fined $60,000 After Data Of 47,800 Students, Parents & Staff At S’pore Schools Hacked

This is bigly.

You’d think that a company which the government has employed and collaborated with at such a massive scale could be trusted to fill in the gaps and prevent security breaches.

We’re all mistaken, though, because this incident proves that everyone makes mistakes, including us. Yes, even IT companies, and they were made to pay a hefty price for it.

An IT vendor called Learnaholic has just been fined a whopping $60,000. Their crime? The personal data of at least 47,000 students, parents and staff from different schools was hacked.

So What Exactly Was Lost?

Learnaholic offered services like attendance-taking and e-learning systems to Singapore schools under a contract that they had with the Ministry Of Education (MOE).

Unfortunately, several lapses occurred within the services that were provided. As a result, the personal data of around 47,802 students, parents and staff members was compromised.

This was published by the Personal Data Protection Commission (PDPC) on Thursday.

Is it just me or does it feel like data breaches have been happening one too many times?

The hackers (technically, just one hacker, though) made away with personal data including NRIC numbers, contact numbers, e-mail and addresses. In addition, the medical information of at least 372 students was hacked as well.

What Exactly Happened

In March 2016, Learnaholic was asked to fix an issue with the attendance-taking system of a school. It thus modified the school’s Intranet firewall and disabled the password for software installed.

They did this to conduct remote troubleshooting but “forgot” to close the port and restore the school’s original firewall configuration after the troubleshooting.

They essentially forgot to put the “protection” back.

It’s like a mechanic fixing your car and forgetting to put the wheels back.

This opened up a vulnerability which a hacker later accessed, and this vulnerability “was left exposed for more than a month”.

The data breach and hack were only discovered in February 2017 by the Singapore Police Force while they were investigating a separate hacking incident.

After it was found out, Learnaholic quickly changed the passwords for work email accounts and activated two-factor authentication. Other measures were also taken, like deleting the emails with personal data.

I suppose there is no point crying over spilt milk. What’s done has been done and we can only hope that such a massive data breach doesn’t occur again.