Home News SIAS discovers security breach after five years

SIAS discovers security breach after five years


The Securities Investors Association of Singapore (SIAS) recently revealed that hackers may have compromised the personal data of 70,000 members in 2013. The incident was uncovered recently when the Cyber Security Agency of Singapore (CSA) notified SIAS about the breach on Wednesday, July 25, 2018, after receiving a clue from an anonymous source.

The company stated that the names, IC numbers, home addresses, email addresses, mobile and landline numbers of Sias’ members were compromised.

“This is not related to the SingHealth incident. As SIAS is neither a public-sector agency nor Critical Information Infrastructure, Singcert reached out to them to inform them and asked them to verify the situation.” Ms. Goh Yan Kim, the Deputy Director of the Singapore Computer Emergency Response Team (Singcert), stated in a media briefing.

“We don’t know who did it. We have contacted our IT management company, who are external specialists working with our in-house IT team and will take their advice on what to do. We are very sorry to members, especially the older members. Most of them don’t have emails, so it took a little longer to inform them,” said David Gerald, the president and CEO of Sias.

To prevent any further loss, the organization has taken down its current website and is working on a new website. “We are working on how to make our processes more robust. We had a firewall and other precautions in place, but we were told that there is no 100 percent, when it comes to cybersecurity. Hackers are getting smarter and smarter.” Gerald said.

The news comes after the recent cyber attack on SingHealth which affected more than 1.5 million patients. According to a statement from the Ministry of Health and Ministry of Communications and Information, the hackers compromised more than 1.5 million SingHealth patients’ personal information. Singapore’s Prime Minister Lee Hsien Loong’s personal particulars and outpatient medication data were also exposed.

The security officials detected the attack on July 4 and stopped the unusual activity that lasted from June 27 to July 4. A four-member Committee of Inquiry (COI) has been set up to investigate the incident.