Personal data of about 30,000 e2i clients potentially exposed after malware attack on vendor’s employee

Personal data of about 30,000 e2i clients potentially exposed after malware attack on vendor’s employee

Man types on a computer keyboard in front of the displayed cyber code in this illustration picture
A man types on a computer keyboard in front of the displayed cyber code in this illustration picture taken on Mar 1, 2017. (File photo: Reuters/Kacper Pempel)

SINGAPORE: Personal data of about 30,000 people who have used e2i’s services may have been exposed after a malware attack on the mailbox of an employee at a third-party vendor.

E2i (Employment and Employability Institute) is the job and training arm of the National Trades Union Congress (NTUC).

In a media statement on Monday (Apr 5), e2i said the data incident was brought to its attention on Mar 12.

“The incident may have resulted in an unauthorised access to the affected mailbox that contained personal data of approximately 30,000 individuals who had used e2i’s services,” it said.

“The potentially affected personal data may include names, NRIC, contact details, educational qualifications and employment details.”

READ: Singtel third-party vendor hacked, customer information 'may have been compromised'

E2i said it has taken time to make an impact assessment due to the complexity of investigations, adding that the third-party vendor is i-vic International.

“We have worked with the utmost urgency with the vendor to ascertain the nature and extent of personal data that has been potentially affected,” it added.

“Together with the vendor, we have followed up immediately with mitigation measures to tighten the security of email and network systems and will be doing constant checks to monitor closely for any potential vulnerabilities.”

READ: New guidelines for financial institutions in Singapore to combat risks of cyberattacks

READ: Singapore joining Interpol-led global financial crime task force looking into COVID-19 vaccine scams

E2i said it is reaching out to those who may have been potentially affected via email, SMS or phone to provide support on how best to manage any potential risks.

“We are deeply sorry for the anxiety this data incident may bring to our clients. The protection of our clients’ personal data is of utmost importance to us," said CEO of e2i Gilbert Tan.

"Though the malware did not target e2i directly, cybersecurity threats are real and the protection of personal data is of top priority to us.

“e2i will be doing constant checks on both e2i’s as well as our vendor’s IT systems.”

Mr Tan added that e2i’s operations, services and systems remain unaffected. Job seekers can continue to seek employment and employability assistance with e2i.

Source: CNA/gs(rw)

Bookmark