Skip to main content

Massive NRIC Leak with Over 500,000 NRIC Searches in 5 Days

 


More than 500,000 searches were made on the Accounting and Corporate Regulatory Authority’s (Acra) Bizfile portal between December 9 and 13, exploiting a flaw that revealed full NRIC numbers. This incident sparked widespread concern, prompting a ministerial response in Parliament on January 8.

Incident Overview

The new Bizfile portal was launched on December 9, and its free People Search function allowed users to access full NRIC numbers. Concerns surfaced on December 12, and the search function was disabled the following evening.

The surge in searches, far exceeding the typical daily average of 2,000–3,000, came predominantly on December 13 from approximately 28,000 IP addresses, most of which were from Singapore.

Second Minister for Finance Indranee Rajah explained that while the portal’s function to prevent automated bot searches failed, there is no evidence that malicious actors accessed the data.

Security Oversight and Response

Ms. Indranee acknowledged that the Bizfile portal did not track individual queries, making it impossible to determine the exact number of NRIC numbers disclosed. Acra and GovTech have since conducted a review, addressing the malfunctioning security feature.

The People Search function resumed on December 28, with NRIC numbers no longer displayed in search results.

Acra is also exploring additional parameters, such as using Unique Entity Numbers (UENs) in searches, to enhance data protection.

Scope of Data and Mitigation Advice

Ms. Indranee clarified that Acra’s database contains information only on individuals involved in Acra-registered entities, such as companies, partnerships, and non-profits.

She provided steps for individuals concerned about potential misuse of their NRIC numbers:

  1. Avoid using NRIC numbers as passwords for digital accounts and change any such passwords immediately.
  2. Refrain from using NRIC numbers for authentication purposes.
  3. Verify the identity and intent of individuals requesting NRIC details, even if they appear to know the number.

Lessons and Safeguards

The incident highlights vulnerabilities in systems managing sensitive personal data. While Acra has taken corrective measures, Ms. Indranee emphasized the importance of vigilance and better design in future systems to prevent similar breaches.

Labels:
Location: Singapore

Comments

Post a Comment

Popular posts from this blog

New Punggol Northshore BTO Plagued by Water Seepage and Electrical Hazards

  ***Update: HDB, Maincon and Consultant has came down to the unit to check. Will update on status once we have more information. A Punggol Northshore BTO homeowner, who moved into his newly renovated flat in July 2024, has voiced frustration over severe water leakage issues that have left his unit unsafe and unlivable. Water has been observed seeping from an electrical powerpoint, with puddles forming on the floor and walls showing bubbling and signs of damage from moisture. The source of the leak appears to be an external wall adjacent to the master bedroom, according to assessments by the main contractor. However, the leakage has already caused significant damage to the flat's walls and paintwork, leaving the homeowner distressed. Adding to the frustration, the main contractor advised the homeowner to avoid using the affected power switches in the living room and bedroom due to the risk of a short circuit. Despite the warning, the homeowner has no choice but to turn on the light...
Post a Comment
Read more

The Gateway to Singapore’s Digital Future, Punggol Coast MRT Station Opens Today!

  The Punggol Coast MRT station, the 17th station on the North East Line (NEL), officially opened on December 10, 2024. Located in the heart of the Punggol Digital District (PDD), it extends the NEL’s total length to 22 km and enhances accessibility for over 200,000 households within a 10-minute walk of an NEL station. Senior Minister Teo Chee Hean, speaking at the launch, emphasized the station's role in transforming Punggol Town into a vibrant, connected, and sustainable hub. Travel time for Punggol North residents to Outram Park is now reduced to 45 minutes, down from 60 minutes. Transport Minister Chee Hong Tat highlighted the foresight in planning Singapore’s transport infrastructure, such as provisions made two decades ago for the Cross Island Line interchange at Punggol MRT station. This long-term approach underscores Singapore’s commitment to future generations. The station integrates seamlessly with PDD, a 50-hectare smart and sustainable district focusing on digital indus...
Post a Comment
Read more

Queue-Cutting Toyota Raize Causes Chain Collision at Second Link

  Credit: Facebook@ 伟安 A Singapore-registered Toyota Raize was caught on video cutting the queue at the Second Link on Malaysia's side, sparking a chain collision on Dec. 24. The incident, which took place during peak traffic, highlights the dangers of reckless driving at border crossings. Incident Breakdown The Toyota Raize was seen traveling in the heavy vehicles lane before crossing over a double white line to join the congested car lane. Its sudden maneuver caused two other queue-cutting cars behind it to slow down sharply. This led to a lorry, which was traveling in the heavy vehicles lane, ploughing into the two cars. Smoke could be seen rising from the lorry following the impact, but the Toyota Raize appeared to escape unscathed and moved ahead. Meanwhile, the two cars involved in the collision were stopped. Reactions on Social Media The video of the incident drew widespread criticism. Commenters blamed the Toyota Raize for initiating the chain of events while also calling ...
Post a Comment
Read more