SINGAPORE – Personal data of 1,355 members of the National University of Singapore Society (NUSS) was stolen after the company’s website was hacked early last month, NUSS reported on Monday (November 1).
Asked by the Straits Times, the club of university graduates did not say whether the data concerned was encrypted. But he said affected members had their full NRIC numbers stolen.
When asked whether the names of the members had also been stolen, the NUSS reportedly simply replied that “the NRIC numbers which correspond to the names of 1,355 members” had been consulted.
Some members were also given access to a combination of other details, the company said in an email to those affected on Monday afternoon.
This included their date of birth, nationality, gender, marital status, email address, work and home phone numbers, work and home addresses, vehicle registration number, degree details. university and their membership number.
Other potentially stolen information included food and drink orders, restaurant and event registrations, and comments sent through the NUSS website.
Other NRIC details or images, as well as payment card or bank account information, were not part of the data viewed.
NUSS said it was alerted on October 8 that an unknown person on the Dark Web – the belly of the Internet where hackers trade and communicate – was claiming to sell the personal data of members of the company. The data was taken from the NUSS website, which was hosted by a third-party web hosting provider.
Investigations revealed that the hacker carried out a sophisticated attack on the company’s website on October 6-7 and uploaded some data stored on the NUSS web server. The main database was not compromised.
The club said it has taken parts of its website offline until they are reviewed and any security concerns have been addressed by the web hosting provider.
The NUSS added that it “is actively reviewing its security measures and processes to ensure that an incident like this cannot happen again.”
The case was reported to the Personal Data Protection Commission and the police.
The maximum fine for a data breach is $ 1 million. But organizations can soon be fined more – up to 10% of their annual turnover in Singapore, or $ 1 million, whichever is greater. The higher fine is expected to take effect at least 12 months from February 1 of this year.
Apologizing for the unauthorized access to the data, NUSS told concerned members that crooks could misuse the stolen data to impersonate them.
For example, criminals could attempt to open a bank account or obtain a credit card in a victim’s name, redirect their mail, or port their cell phone number.
NUSS urged members to keep an eye on their financial accounts for suspicious activity such as unauthorized transactions and changes to account details. He also advised members to check with Singapore Post to see if their mail has been redirected, if they are not receiving their mail, and to check with their phone company to see if their mobile number has been forwarded to one. other mobile phone provider, if their phone loses coverage for a long time. time.
Members must immediately notify sellers or service providers if they receive any goods or services they did not order, or receive notifications for them.
Affected members should also be wary of people contacting them to request their data or credentials, even if they appear to know other details about them. Indeed, cybercriminals could try to trick victims into giving more information, the NUSS said.
Scammers could attempt to contact members by email and text, or by phone posing as representatives of a government authority or business.
“Please also be vigilant of fraudulent emails that appear to be from NUSS,” the company warned. “Before responding to an email that appears to be from us, verify that the response is addressed to a real @ nuss.org.sg email address.”
Last month, The Straits Times reported that the personal details of Fullerton Health clients were stolen by hackers and peddled online, after a provider in the private healthcare group suffered a breach earlier this month.
The hackers claimed they managed to steal the data of around 400,000 people, including Singaporeans’ insurance policy details.