Skip to main content

Massive NRIC Leak with Over 500,000 NRIC Searches in 5 Days

 


More than 500,000 searches were made on the Accounting and Corporate Regulatory Authority’s (Acra) Bizfile portal between December 9 and 13, exploiting a flaw that revealed full NRIC numbers. This incident sparked widespread concern, prompting a ministerial response in Parliament on January 8.

Incident Overview

The new Bizfile portal was launched on December 9, and its free People Search function allowed users to access full NRIC numbers. Concerns surfaced on December 12, and the search function was disabled the following evening.

The surge in searches, far exceeding the typical daily average of 2,000–3,000, came predominantly on December 13 from approximately 28,000 IP addresses, most of which were from Singapore.

Second Minister for Finance Indranee Rajah explained that while the portal’s function to prevent automated bot searches failed, there is no evidence that malicious actors accessed the data.

Security Oversight and Response

Ms. Indranee acknowledged that the Bizfile portal did not track individual queries, making it impossible to determine the exact number of NRIC numbers disclosed. Acra and GovTech have since conducted a review, addressing the malfunctioning security feature.

The People Search function resumed on December 28, with NRIC numbers no longer displayed in search results.

Acra is also exploring additional parameters, such as using Unique Entity Numbers (UENs) in searches, to enhance data protection.

Scope of Data and Mitigation Advice

Ms. Indranee clarified that Acra’s database contains information only on individuals involved in Acra-registered entities, such as companies, partnerships, and non-profits.

She provided steps for individuals concerned about potential misuse of their NRIC numbers:

  1. Avoid using NRIC numbers as passwords for digital accounts and change any such passwords immediately.
  2. Refrain from using NRIC numbers for authentication purposes.
  3. Verify the identity and intent of individuals requesting NRIC details, even if they appear to know the number.

Lessons and Safeguards

The incident highlights vulnerabilities in systems managing sensitive personal data. While Acra has taken corrective measures, Ms. Indranee emphasized the importance of vigilance and better design in future systems to prevent similar breaches.

Labels:
Location: Singapore

Comments

Post a Comment

Popular posts from this blog

New Punggol Northshore BTO Plagued by Water Seepage and Electrical Hazards

  ***Update: HDB, Maincon and Consultant has came down to the unit to check. Will update on status once we have more information. A Punggol Northshore BTO homeowner, who moved into his newly renovated flat in July 2024, has voiced frustration over severe water leakage issues that have left his unit unsafe and unlivable. Water has been observed seeping from an electrical powerpoint, with puddles forming on the floor and walls showing bubbling and signs of damage from moisture. The source of the leak appears to be an external wall adjacent to the master bedroom, according to assessments by the main contractor. However, the leakage has already caused significant damage to the flat's walls and paintwork, leaving the homeowner distressed. Adding to the frustration, the main contractor advised the homeowner to avoid using the affected power switches in the living room and bedroom due to the risk of a short circuit. Despite the warning, the homeowner has no choice but to turn on the light...
Post a Comment
Read more

The Gateway to Singapore’s Digital Future, Punggol Coast MRT Station Opens Today!

  The Punggol Coast MRT station, the 17th station on the North East Line (NEL), officially opened on December 10, 2024. Located in the heart of the Punggol Digital District (PDD), it extends the NEL’s total length to 22 km and enhances accessibility for over 200,000 households within a 10-minute walk of an NEL station. Senior Minister Teo Chee Hean, speaking at the launch, emphasized the station's role in transforming Punggol Town into a vibrant, connected, and sustainable hub. Travel time for Punggol North residents to Outram Park is now reduced to 45 minutes, down from 60 minutes. Transport Minister Chee Hong Tat highlighted the foresight in planning Singapore’s transport infrastructure, such as provisions made two decades ago for the Cross Island Line interchange at Punggol MRT station. This long-term approach underscores Singapore’s commitment to future generations. The station integrates seamlessly with PDD, a 50-hectare smart and sustainable district focusing on digital indus...
Post a Comment
Read more

Crackdown on Illegal Ride-Hailing with 4 Drivers Caught in LTA Operation

  In a recent operation conducted by the Land Transport Authority (LTA) of Singapore, four drivers were caught and had their vehicles impounded for providing illegal ride-hailing services. These unauthorized services operated both within Singapore and across the border to Malaysia, posing significant risks to passengers. The LTA has issued a stern warning to the public, advising against using such illegal services due to the lack of proper licensing and insurance, which can leave passengers vulnerable in the event of accidents. The operation underscores LTA’s commitment to ensuring the safety and regulation of ride-hailing services in Singapore. Drivers caught offering illegal ride-hailing services without a valid Public Service Vehicle (PSV) Licence face severe penalties, including fines of up to $3,000, imprisonment for up to six months, or both. These measures are in place to deter unlicensed operators and protect passengers from potential harm. Illegal ride-hailing services oft...
1 comment
Read more