ADVERTISEMENT

Singapore Defense Personnel Data Vulnerable in Malware Attacks

Sensitive information, including full names, identification details, could be included in potential data exposure.

Singapore Defense Personnel Data Vulnerable in Malware Attacks
A stream of binary coding is seen displayed on a laptop computer screen as a man works to enter data on the keyboard. (Photographer: Chris Ratcliffe/Bloomberg)

(Bloomberg) -- The personal data of about 100,000 Singapore defense personnel may have been leaked in yet another cyberattack in the city-state.

Sensitive information held by two security force vendors, including full names, identification details, and a combination of contact numbers, email and residential addresses could be included in the potential data exposure, according to a statement published on the ministry’s website on Saturday.

ST Logistics Pte.’s systems, which suffered a malware attack, held the personal data of 2,400 Ministry of Defence and Singapore Armed Forces employees, while HMI Institute of Health Sciences Pte.’s system contains the information of about 98,000 security force personnel, the statement said.

Preliminary investigations show the likelihood of a leak to external parties by HMI Institute is low, while ST Logistics’s system could have been compromised, according to the ministry.

“We will review the cybersecurity standards of our vendors to ensure that they are able to protect our personnel’s personal data and information,” Defence Cyber Chief Brigadier-General Mark Tan said in the statement.

Singapore, a trade-reliant nation with a rapidly aging population, is trying to restructure its economy to make it a global center of innovation. As a hyper-connected financial hub, it’s also been a recent target for hackers.

Websites Hacked

Earlier this year, the personal data of more than 4,000 people was compromised after Singapore Red Cross’ website was hacked, according to local media.

Last year, Singapore Prime Minister Lee Hsien Loong’s private details were targeted in a “major” cyberattack on the database of the country’s biggest public healthcare group. The non-medical personal particulars of about 1.5 million patients were illegally accessed and copied during the hack, authorities said.

For more on Singapore cyber security:

HMI Institute said it had discovered that a file server was encrypted by ransomware on Dec. 4, but investigations so far show no evidence of data being copied or exported. ST Logistics did not immediately respond to an email requesting comment, and calls to the company went unanswered.

ST Logistics works with the ministry to provide retail and supply-chain services, while HMI Institute is contracted by the Singapore Armed Forces to conduct personnel training.

The ministry said it is in the process of notifying all those affected by the latest possible leak.

To contact the reporter on this story: Ishika Mookerjee in Singapore at imookerjee@bloomberg.net

To contact the editors responsible for this story: Lianting Tu at ltu4@bloomberg.net, Siraj Datoo, Stanley James

©2019 Bloomberg L.P.