Singapore Land Authority Data of 70,000 Exposed in Vendor Cybersecurity Incident
Translated from English, summarized and contextualized by DistantNews.
At a glance
- The Singapore Land Authority (SLA) reported a cybersecurity incident involving unauthorized access to a vendor's cloud environment.
- The incident potentially exposed the data of 70,000 individuals, including names, NRIC numbers, and property addresses.
- The compromised data was part of a test environment managed by IBM and is separate from SLA's live operational systems.
The Singapore Land Authority (SLA) has disclosed a significant cybersecurity incident where unauthorized access occurred within a vendor's cloud system, potentially compromising the personal data of approximately 70,000 individuals. The authority was informed of the breach on Friday, July 3.
Preliminary investigations indicate that there was unauthorised access to a data set created for the sole purpose of vendor development and testing.
Preliminary investigations suggest the unauthorized access targeted a data set managed by IBM, the vendor responsible for maintaining SLA's Singapore Titles Automated Registration System (STARS) and eLodgment System (ELS). This specific data set was created in 1998 for vendor development and testing purposes. While intended to contain only mock and anonymized data based on property records, SLA discovered it also included names, NRIC numbers, and property addresses of the affected individuals.
SLA emphasized that the compromised environment is distinct and separate from its operational systems. There has been no compromise to the live systems used for STARS, ELS, or any other SLA services, ensuring that property ownership and lodgment records remain secure. IBM has taken immediate action by revoking access to the affected development and testing environment to prevent further unauthorized access.
However, SLA has since uncovered that it also contained the names, NRIC numbers, and then property addresses of an estimated 70,000 individuals. This information should have been anonymised but was not. Investigations are ongoing to determine how this occurred.
As a precautionary measure, SLA is in the process of identifying and notifying all affected individuals, providing them with information and guidance on seeking further assistance. The authority is collaborating closely with IBM, the Government Technology Agency of Singapore, and the Cyber Security Agency of Singapore to thoroughly investigate the incident, ascertain the full facts, and implement necessary remedial actions. A police report has been lodged, and the Personal Data Protection Commission has been notified.
There is no connection or compromise to the live systems used for operations of STARS, ELS or any other SLA systems. Property ownership and lodgment records in STARS and ELS remain secure and unaffected.
Originally published by CNA in English. Translated, summarized, and contextualized by our editorial team with added local perspective. Read our editorial standards.