Singapore’s National Trades Union Congress’ (NTUC) Employment and Employability Institute (e2i) is tightening its email security following a malware-induced data security breach that may have resulted in the unauthorised access of 30,000 individuals’ personal data.
The job matching and skills upgrading services provider revealed on 5 April that it was made aware on 12 March of a data incident arising from malware that infected a mailbox belonging to an employee of an appointed third-party vendor, contact centre services provider i-vic International.
“The incident may have resulted in an unauthorised access to the affected mailbox that contained personal data of approximately 30,000 individuals who had used e2i’s services,” the institute said in a statement.
The potentially affected personal data may include names, NRIC, contact details, educational qualifications and employment details.
After being made aware of the incident, e2i immediately launched an investigation and has reported the data breach to the Personal Data Protection Commission (PDPC) and the Singapore Computer Emergency Response Team (SingCERT).
The third-party vendor has also filed a police report for the incident.
Following the initial investigation, working with the vendor to ascertain the nature and extent of personal data that has been potentially affected, e2i and I-vic International have followed up with mitigation measures to tighten the security of email and network systems.
The institute said it and its vendor would also be undertaking constant checks to monitor closely for any potential vulnerabilities.
“We are deeply sorry for the anxiety this data incident may bring to our clients,” e2i CEO Gilbert Tan said. “The protection of our clients’ personal data is of utmost importance to us. Though the malware did not target at e2i directly, cybersecurity threats are real and the protection of personal data is of top priority to us.
“E2i will be doing constant checks on both e2i’s as well as our vendor’s IT systems. Amid all these measures, I would like to assure that e2i’s operations, services and systems remain unaffected and job seekers can continue to seek employment and employability assistance with e2i,” he added.
News of the breach comes almost exactly a month after Singapore Airlines warned its frequent flyer members of a third-party breach affecting up to 580,000 people.
Singapore Airlines said in a statement published late on 4 March that it had been informed by air transport communications and information technology provider SITA of a data security breach involving its Passenger Service System (SITA PSS) servers.
Just days earlier, Malaysia Airlines informed Enrich frequent flyer members of a “data security incident” via a third-party IT service provider, insisting the breach avoided the national carrier’s core IT infrastructure and systems.