Home News Personal Data Protection Commission Fines Multiple Firms on Data Breaches

Personal Data Protection Commission Fines Multiple Firms on Data Breaches

American Cybersecurity Literacy Act

The Personal Data Protection Commission (PDPC) of Singapore found seven organizations that violated the Personal Data Protection Act and has fined them a total of S$66,000 (approximately US$47,514). According to an official release, the penalties were issued to Singtel, SCAL Academy, SPH Magazines, and Royal Caribbean Cruises for failing to protect customers’ data.

Details of Penalties


Singtel was fined S$9,000 (US$6479) for a data breach involving its ‘My Singtel’ mobile app. The breach occurred when the firm was migrating to a new billing system back in 2018 which resulted in the exposure of personal data of 750 mobile subscribers.

SPH Magazines

SPH Magazines, owned by Singapore Press Holdings, was fined S$26,000 (US$18,718) for a data leak of its forum site HardwareZone. According to a source, a hacker gained access to the system in 2017 and hacked in a senior moderator’s account and accessed information of 704,764 profiles.

Royal Caribbean Cruises

The cruise company was fined S$16,000 (US$11,518) for a ransomware attack on its vendor’s system that exposed personal data of 6,000 of its customers, including the personal data of its 25 employees. The incident occurred when hackers broke into the database of the receipt system and left a ransom note demanding a payment of 0.08 bitcoin for the data.

SCAL Academy

PDPC charged SCAL Academy with a fine S$15,000 (US$10798) for failing to protect the personal data of 3,628 people who had attended its programs. It’s claimed that the Academy failed to secure the scanned registration documents that held personal data like name, race, nationality, date of birth, identity card number, address, and company name of its attendees.

Besides imposing penalties, PDPC also imposed directives on Henry Park Primary School Parents’ Association for breaching the Protection and Accountability Obligations of the PDPA. Also, a warning was issued to NTUC Income and AXA Insurance for failing to maintain the necessary security requirements to prevent unauthorized disclosure of personal data they held.