Skip to main content

Massive NRIC Leak with Over 500,000 NRIC Searches in 5 Days

 


More than 500,000 searches were made on the Accounting and Corporate Regulatory Authority’s (Acra) Bizfile portal between December 9 and 13, exploiting a flaw that revealed full NRIC numbers. This incident sparked widespread concern, prompting a ministerial response in Parliament on January 8.

Incident Overview

The new Bizfile portal was launched on December 9, and its free People Search function allowed users to access full NRIC numbers. Concerns surfaced on December 12, and the search function was disabled the following evening.

The surge in searches, far exceeding the typical daily average of 2,000–3,000, came predominantly on December 13 from approximately 28,000 IP addresses, most of which were from Singapore.

Second Minister for Finance Indranee Rajah explained that while the portal’s function to prevent automated bot searches failed, there is no evidence that malicious actors accessed the data.

Security Oversight and Response

Ms. Indranee acknowledged that the Bizfile portal did not track individual queries, making it impossible to determine the exact number of NRIC numbers disclosed. Acra and GovTech have since conducted a review, addressing the malfunctioning security feature.

The People Search function resumed on December 28, with NRIC numbers no longer displayed in search results.

Acra is also exploring additional parameters, such as using Unique Entity Numbers (UENs) in searches, to enhance data protection.

Scope of Data and Mitigation Advice

Ms. Indranee clarified that Acra’s database contains information only on individuals involved in Acra-registered entities, such as companies, partnerships, and non-profits.

She provided steps for individuals concerned about potential misuse of their NRIC numbers:

  1. Avoid using NRIC numbers as passwords for digital accounts and change any such passwords immediately.
  2. Refrain from using NRIC numbers for authentication purposes.
  3. Verify the identity and intent of individuals requesting NRIC details, even if they appear to know the number.

Lessons and Safeguards

The incident highlights vulnerabilities in systems managing sensitive personal data. While Acra has taken corrective measures, Ms. Indranee emphasized the importance of vigilance and better design in future systems to prevent similar breaches.

Labels:
Location: Singapore

Comments

Post a Comment

Popular posts from this blog

SIA Business Class Theft: Chinese National Jailed for Syndicate Operation

  On December 23, 2025, Liu Ming, a 26-year-old Chinese national, was sentenced to 20 months in prison for committing a high-value theft on a Singapore Airlines flight. The case serves as a stark reminder of the organized nature of in-flight criminal syndicates that target premium passengers on long-haul routes. Liu was convicted of one count of theft after investigations revealed he was part of a larger criminal organization that specifically financed his travel to carry out mid-air robberies. The incident occurred during a flight departing from Dubai on August 7, which was scheduled to land in Singapore the following morning. Liu had been placed in the business class cabin, a seat funded by the criminal syndicate he represented, to give him access to wealthy travelers and their high-value belongings. At approximately 2:00 am Singapore time on August 8, while the aircraft was in transit and the cabin lights were dimmed to allow passengers to sleep, Liu initiated his plan. Leaving ...
Post a Comment
Read more

Doctor Faces Jail Time For Negligent Aesthetic Treatment Leading To Patient Death

  A thirty seven year old medical practitioner named Chan Bingyi is facing a potential prison sentence of between eighteen and twenty four months following his conviction for a negligent act that resulted in the death of a patient. On April 21 2026 the prosecution presented its sentencing arguments before the court highlighting the severity of the lapse in medical judgment that occurred in 2019. The case involves the death of Lau Li Ting a thirty one year old property agent who passed away following an aesthetic treatment. The incident took place on March 8 2019 at the Revival Medical & Aesthetics Centre located in Bras Basah Road. Ms Lau had visited the clinic situated within the Esplanade Xchange shopping mall for aesthetic purposes specifically hoping to address fine lines on her forehead. During the visit Chan intravenously administered ethylenediaminetetraacetic acid or EDTA to the patient. Court documents and expert testimony emphasized that there was no medical necessity...
Post a Comment
Read more

Elderly Healer Jailed for Sexual Assault Under Guise of 'Black Magic Rituals'

  A 71-year-old man, Mohamed Salleh Samad, was sentenced to six years and eight months in jail for sexually assaulting a woman under the pretext of curing her of "black magic." Salleh admitted to one charge of sexual assault, with another similar charge considered in sentencing. The 46-year-old victim believed she was afflicted with "black magic" after suffering from bloating and stomach pain, which she thought was caused by her ex-husband. Acting on advice from an acquaintance, she sought Salleh's help, who claimed to possess healing abilities. The Fake Rituals The first "ritual" on August 25, 2023, involved the victim showering in a mix of salt and vinegar. When her pain persisted, she invited Salleh for a second session on August 28, 2023. Salleh arrived at her home with the victim's acquaintance. To isolate the victim, Salleh sent the acquaintance to a shop and convinced her husband and children to leave, claiming their presence might disrupt t...
Post a Comment
Read more