Channel NewsAsia

Some 1,500 SingPass accounts potentially accessed without authorisation

The Infocomm Development Authority of Singapore has filed a police report after it was notified that 1,560 SingPass user IDs and passwords may have been accessed without permission. 

SINGAPORE: More than 1,500 SingPass users may have had their IDs and passwords accessed without their permission. The Infocomm Development Authority of Singapore (IDA) was notified on Monday (June 2) by the SingPass operator, Crimson Logic, that a number of users had received a SingPass password reset notification letter, even though they did not request a password change. SingPass is a single-factor authentification system for all government e-services in Singapore. 

It was announced on Wednesday (June 4) that IDA's preliminary investigations show that 1,560 users' IDs and passwords were potentially accessed, of which 419 passwords were reset. Password reset notification letters were sent to the registered address of SingPass account holders.

The IDA has filed a police report on Tuesday, but the authority's checks so far show there is no evidence to suggest the SingPass system has been compromised and there are no known losses. Passwords of all affected users have been reset, and the IDA is in the process of notifying them. IDA also says it is looking at using the two-factor authentication (2FA) system, for e-government transactions. 

Said Ms Jacqueline Poh, the Managing Director for the Infocomm Development Authority of Singapore: "For every individual, the incident underlines the importance of taking personal responsibility for cyber security." 

The Government strongly urges all SingPass users to take the necessary precautions to enhance their cyber security: 

  • Use strong passwords of more than eight characters with numerical figures or capital letters
  • Install anti-virus software and update these regularly

A statement by eGovernment solutions provider Crimson Logic reiterated that the SingPass system was not compromised. "We are working with IDA and the relevant authorities to investigate the matter. Our investigation has indicated that the SingPass system is not compromised nor breached. For users who notice suspicious activities regarding their SingPass, we strongly encourage them to reset their password immediately."

SingPass has 3.3 million users, and covers more than 340 e-services for 64 government agencies. These include services for the Central Provident Fund (CPF) Board, the Inland Revenue Authority of Singapore (IRAS) and the eCitizen online portal.

For Singapore citizens and Permanent Residents, the SingPass ID is commonly their identity card (NRIC) numbers. Employment Pass Holders are eligible for the SingPass as well. There were 57 million SingPass transactions in 2013.


Tweet photos, videos and updates on this story to  @channelnewsasia