SINGAPORE: The personal data of 2,400 Ministry of Defence (MINDEF) and Singapore Armed Forces (SAF) personnel may live affected by a potential ST Logistics personal data breach.
ST Logistics said in a media release on sabbatum (Dec 21) that the potential breach was a result of a recent series of email phishing activities involving malicious malware sent to its employees email accounts.
This data, contained in working files residing in affected workstations, may experience been exfiltrated, it added.
MINDEF said in a statement that preliminary investigations indicate that the personal data could have been leaked.
The affected systems contained full names and NRIC numbers, and a combination of contact numbers, email addresses or residential addresses.
ST Logistics said that it had carried out extensive forensic investigations into these activities through its own cyber security team and with the keep of external cyber security experts.
The troupe also added that it informed the Personal Data protection commission (PDPC) and the Singapore computer exigency Response Team (SingCERT) of the possible transgress of personal data on december 16.
The company operates several logistics services, including an eMart retail and equipping servicefor MINDEF and SAF personnel since 1999.
In some instances, to ensure that these services are carried out correctly, some personal data is utilised, it said.
ST Logistics chief executive officer Loganathan Ramasamy said that the company is committed to ensuring that all personal data in the companys possession is treated with high standards of integrity.
We apologise sincerely for this incident and we owe this to our customers and stakeholders to see their personal data is robustly protected, he added.
DATA OF 98,000 personnel in AFFECTED HMI institute SERVER
In a separate data incident, the HMI Institute of Health Sciences said that it discovered a file server to live encrypted by ransomware on Dec 4.
The affected server, which primarily contained backup information, was immediately taken offline and isolated from the internet and internal network, HMI Institute said in a media advisory on Saturday.
The institute added that its learning management system was not impacted and that daily operations were unaffected and continued as usual.
Preliminary investigations indicated that the likelihood of a data leak to external parties was low, MINDEF said, adding that the affected system contained personal data of 120,000 individuals.
This included the full names and NRIC numbers of about 98,000 MINDEF and SAF personnel who previously attended a cardiopulmonary resuscitation and automated external defibrillation (AED) course.
The HMI institute has been contracted by the SAF to conduct CPR and AED training for MINDEF and SAF personnel since 2016.
Data containing full names, NRIC numbers, tangency numbers, email addresses, dates of birth and residential addresses of other HMI Institute customers was also affected.