Skip to main content

Massive NRIC Leak with Over 500,000 NRIC Searches in 5 Days

 


More than 500,000 searches were made on the Accounting and Corporate Regulatory Authority’s (Acra) Bizfile portal between December 9 and 13, exploiting a flaw that revealed full NRIC numbers. This incident sparked widespread concern, prompting a ministerial response in Parliament on January 8.

Incident Overview

The new Bizfile portal was launched on December 9, and its free People Search function allowed users to access full NRIC numbers. Concerns surfaced on December 12, and the search function was disabled the following evening.

The surge in searches, far exceeding the typical daily average of 2,000–3,000, came predominantly on December 13 from approximately 28,000 IP addresses, most of which were from Singapore.

Second Minister for Finance Indranee Rajah explained that while the portal’s function to prevent automated bot searches failed, there is no evidence that malicious actors accessed the data.

Security Oversight and Response

Ms. Indranee acknowledged that the Bizfile portal did not track individual queries, making it impossible to determine the exact number of NRIC numbers disclosed. Acra and GovTech have since conducted a review, addressing the malfunctioning security feature.

The People Search function resumed on December 28, with NRIC numbers no longer displayed in search results.

Acra is also exploring additional parameters, such as using Unique Entity Numbers (UENs) in searches, to enhance data protection.

Scope of Data and Mitigation Advice

Ms. Indranee clarified that Acra’s database contains information only on individuals involved in Acra-registered entities, such as companies, partnerships, and non-profits.

She provided steps for individuals concerned about potential misuse of their NRIC numbers:

  1. Avoid using NRIC numbers as passwords for digital accounts and change any such passwords immediately.
  2. Refrain from using NRIC numbers for authentication purposes.
  3. Verify the identity and intent of individuals requesting NRIC details, even if they appear to know the number.

Lessons and Safeguards

The incident highlights vulnerabilities in systems managing sensitive personal data. While Acra has taken corrective measures, Ms. Indranee emphasized the importance of vigilance and better design in future systems to prevent similar breaches.

Comments

Popular posts from this blog

Three Culpable Homicide Charges for Dangerous Drivers in Fatal Crash

  Two Singaporean drivers are facing serious criminal charges following a fatal high-speed incident on the Central Expressway that resulted in the death of a motorcyclist. Cassidy Tan Ting Hwee, aged 33, and Rayson Loo Sian Hao, aged 35, were formally charged on October 28th with culpable homicide not amounting to murder for their alleged roles in the tragic January 2024 accident. According to court documents presented during the hearing, the two drivers engaged in extremely dangerous driving behavior along the CTE, with investigations revealing they repeatedly overtook each other at speeds far exceeding the legal limit. Court evidence indicates that Tan allegedly reached speeds of up to 192 kilometers per hour, while Loo drove at approximately 170 kilometers per hour, both significantly surpassing the 90 km/h speed limit designated for that section of the expressway. The fatal sequence of events occurred in the early hours of January 14th, 2024, when police were alerted to a serio...

Orchard Road and Jurong Arrest with Trio Linked to $250K in Illicit Funds

  Singapore Police have arrested three men, aged 22 to 40, for their suspected involvement in money laundering activities connected to scams. On December 5, 2024, officers conducted operations that led to the arrests and the seizure of significant evidence. Two men were apprehended near Orchard Road. During their arrest, police seized 51 bank cards, two mobile phones, and $34,700 in cash. Preliminary investigations suggest that the duo withdrew illicit funds from compromised bank accounts that did not belong to them. The funds were then redeposited into other accounts or handed over to couriers or runners, facilitating money laundering operations for a scam syndicate. Further investigations led to the arrest of a 40-year-old man in Jurong. This individual is believed to have moved large sums of physical cash on behalf of the syndicate, collecting and delivering money to other parties. Police seized two mobile phones and over $217,000 in cash from this arrest. The two men arrested n...

American Brothers Jailed in Singapore for Armed Standoff!

  Three American brothers were sentenced on Dec 5 for possessing knives during a confrontation at Orchard Plaza in Singapore. Albert Max Martinez-Arizala, 25, received six weeks’ jail, Alexis Jesus Martinez-Arizala, 21, was jailed for four weeks, and Alejandro Martinez-Arizala Jr, 18, was given a 14-day short detention order, sparing him a criminal record. The incident began during their vacation in Singapore. After visiting nightclubs, Alexis and Alejandro had a dispute at Tai Heng Teochew Porridge Stall on July 27, 2024. Alexis leaned on a movable partition, prompting the stall owner to warn him, which escalated into an argument. A man intervened, and the brothers exchanged heated words, gesturing for a fight. Passers-by calmed the situation, and the brothers left the stall. When Albert rejoined them, Alexis and Alejandro falsely claimed they were attacked. The trio, fearing being outnumbered, armed themselves with knives, a frying pan, and a bottle of cleaner from a supermarket....