SINGAPUR: Personal data 4,297 people were compromised after a portion of the Singapore Red Cross (SRC) website was hacked, the organization's statement said on Thursday (May 16th).
The SRC announced that its web developer had warned the incident of unauthorized access to part of its website supporting the recruitment of interested blood donors last Wednesday.
Members of the public may indicate their interest in blood donating via the website, and then the SRC makes appointments on their behalf.
"The following information about 4,297 people who registered their interest on the web site was endangered by name, contact number, email, established blood group, desired date / time of agreement and desired place for blood donation," SRC said. no other information was hit.
The report states that its other databases were not compromised, and the HSA systems were also not affected by the incident.
READ: Personal data more than 800,000 blood donors are exposed online by a technical supplier: HSA
The organization made a police report on the same day. He also reported on the incident to the Commission for Personal Data Protection and HSA. Police investigations are under way, he adds.
A weak administrator password could leave the site vulnerable, SRC said, adding that during the investigation they determine how the incident occurred.
"There are measures to protect against unauthorized access to the site," the report states. "While our investigation is ongoing to determine the nature of unauthorized access, our preliminary findings indicate that a weak administrator password might leave the site vulnerable to unauthorized access."
He said he interrupted the internet connection and replaced a temporary web site with links to relevant sites.
The site will only re-establish after the completion of all security checks, SRC added.
External consultants are engaged in performing forensic research and establishing "accurate factors" that have allowed unauthorized access.
READ OUT: HIV positive status of 14,200 people online
These will be located and recommended to report to the SRC Board, and SRC will take the necessary measures to strengthen its security measures, along with advice from the IT advisory board of the organization.
"Our immediate priority is to ensure that individuals and partners affected by this are communicating with relevant parties to rebuild and strengthen our IT systems, protect our data and alleviate all future risks," said Secretary General of the SRC Benjamin,
"The SRC has contacted the affected people. We apologize to the users of our site whose information may have been affected by this incident."
A spokesman for the Personal Data Protection Commission stated in response to CNA inquiries that he was aware of the incident and was investigating the issue.
READ: Singapore's health system hit by the "worst personal data breach" in cyberattack; The target is Lee Lee
The SRC case is the latest in a series of cyber-security incidents that hit health systems in Singapore.
In March this year, HSA reported that personal data over 800,000 blood donors were exposed on the Internet for nine weeks after the seller misrepresented them.
In January, the HIV-positive status of 14,200 people – along with confidential information such as identification numbers and contact information – was procured online.
In July last year, the government announced a cyber-attack on SingHealth, calling it "the most serious personal data breach" in Singapore's history.
In the incident, 1.5 million SingHealth patient records and copies were recorded, while 160,000 had records of medicines from the ambulance. Among those affected were Prime Minister Lee Hsien Loong.