The HMI Institute of Health Science and the ST Logistics have been hit by a data breach affecting thousands of Singapore Armed Forces, and individuals of the Ministry of Defense personal data.
According to the HMI Institute of Health Science, its file server was hit by ransomware exposing the data of about 120,000 individuals of the Ministry of Defense and the Singapore Armed Forces. This makes it one of the most sophisticated attacks in 2019 with several other incidents across the globe.
Image Source: www.delocal.de
The statement released by the Ministry of Defense on 21 December 2019 revealed that the Singapore Armed Forces has contracted the HMI Institute of Health Service and the ST Logistics since 2016 and 1999 respectively with the provision of personal data of the Ministry of Defense and the Armed Forces personnel for effective services. Unfortunately, hackers made away with the full names, Date of Birth, NRIC Numbers, home addresses and email addresses of the affected victims of which 98000 of them are Singapore Armed Forces Servicemen.
Most of their data were obtained by the HMI Institute of Health Science after embarking on some courses provided by them.
As claimed by the report, the Institute noted a sudden problem in its server, taking it offline and disconnecting it from the internal network as well as the internet. In their attempt not to take it lightly, they engaged a cybersecurity firm to launch an investigation with a detailed report, of which it was revealed that the attack was opportunistic and random. They revealed that the probability of the attack leading to the leakage of its data was low, as they could not establish that any sensitive data was exported or copied.
Regardless of the report, the parent company, Health Management International has decided not to take it lightly, but to proceed with the investigation and seal any loophole that may attract future attacks.
Image Source: www.coincodex.com
In the case of ST Logistics, its parent company, Japan Post conducted a forensic investigation through its able cybersecurity team and external cybersecurity experts. According to the report, the hackers took control over their system by launching a phishing attack through employees’ email.
They accessed the full names, contact numbers, NRIC numbers, residential addresses and also obtained emails of about 2400 personnel of the Ministry of Defense and the Singapore Armed Forces, putting them at risk of identity theft.
Following the incident, the Ministry of Defense released a statement establishing that its Ministry and the Singapore Armed Forces strictly consider how secured their data are handled by their vendors.
According to the statement, they observe and investigate the security of their IT systems before awarding a contract. Defense Cyber Chief Brigadier-General Mark Tan also confirmed that the IT systems of its vendors were affected by malware. He clarified that the system of the Ministry of Defense and the Singapore Armed Forces were not breached.
However, the confidential personal data of its personnel were largely affected, calling for their decision to review the cybersecurity policies of its vendors to ensure that their information is strongly protected in the future. They have also decided to contact the unaffected vendors to ensure that their IT systems are safe enough to repel any malware attack.
The HMI Institute of Health Sciences and the ST Logistics have reported the incident to the Personal Data Protection Commission as well as the Singapore Computer Emergency Response Team who have commenced Investigation. Also, all the affected personnel has been contacted since 21 December 2019. It was not stated whether the authorities have started working on the affected information to reduce any future effect on the affected individuals, but it is certain that they have taken proactive measures to prevent any future occurrence.
From January to August 2019, Singapore recorded a significant increase in data breach incidents with about 26 companies slapped with a fine of $1.28 million for being careless with customers data according to the Personal Data Protection Act. It was further reported that 80% of the personal data leak occurred due to a breach of protection obligation, but not necessarily cyberattack incidents.
The reason for the large incidents of data breaches was mostly linked to untrained staff, lack of data policies, and followed by inadequate digital security. The recorded cases in Singapore and the number of companies fined within the stated period is said to be a record high since the PDPA came into effect in 2016 according to the report.
Cybercriminals constantly threaten to attack companies that store a large volume of customers data, and so, this is a wake-up call to the said companies to implement all cybersecurity measures.
Source: The Online Citizen
Disclaimer: Darkweblink.com does not promote or endorse claims that have been made by any parties in this article. The information provided here is for the general purpose only and unintended to promote or support purchasing and/or selling of any products and services or serve as a recommendation in the involvement of doing so. Neither Darkweblink.com nor any member is responsible directly or indirectly for any loss or damage caused or alleged to be caused by or in relation with the reliance on or usage of any content, goods or services mentioned in this article.