SINGAPORE: About 70,000 members of the Securities Investors Association (Singapore) had their personal particulars illegally accessed and copied in 2013, though the data breach was only uncovered recently.
The investor watchdog said in an email to its members that the breach had come to its attention only on Wednesday (Jul 25).
The email, signed off by SIAS general manager Richard Dyason, said the association’s membership database was “breached and leaked” five years ago, resulting in names, NRIC numbers and telephone numbers of affected members being “illegally accessed and copied”.
However, “no records were amended or deleted”, it added.
When contacted, SIAS president David Gerald said the investor watchdog was notified of the breach by the Cyber Security Agency of Singapore (CSA) on Wednesday morning.
As investigations into the breach get underway, SIAS said it is “taking active steps to prevent any further illegal access”.
A new website will be launched in a few days and to “limit any potential threat”, it has temporarily taken down its website in the meantime.
"We sincerely apologise for the service disruption and for any distress that the breached may have caused," it added in the email.
This comes on the back of last week’s revelation of a cyberattack on SingHealth’s database, in which personal information of 1.5 million people – including that of Prime Minister Lee Hsien Loong – was stolen by hackers.
CSA said on Wednesday that the SIAS breach is not related to the SingHealth incident.
"As SIAS is not a public sector agency nor Critical Information Infrastructure, SingCert reached out to them to inform them and asked them to verify the situation," CSA said in a statement.
"We noted that SIAS website has some vulnerabilities hackers could have exploited. We alerted SIAS about technical issues in their website design so that they can take the necessary safeguards."