SINGAPORE: A Municipal Services Office (MSO) vendor has been affected by a "cyber incident", in which a "malicious actor" deleted data related to push notifications for MSO’s OneService application.
The office was alerted to the incident on the databases of one of its vendors Apptitude on Jun 19, MSO said in a statement on Monday (Jun 28).
“The malicious actor deleted data related push notifications for MSO’s OneService application, such as device types and past push notification messages,” it added.
MSO said that the app system and its users were not affected by the incident, and that no personally identifiable information, such as case details, were stored in the compromised databases.
“The compromised databases cannot be used to identify (OneService) app users or impersonate MSO or OneService to send out push notifications to the (OneService) app users,” it added.
Once alerted, the office said it worked with Apptitude to immediately switch off the push notification system and put in place additional measures to strengthen its security. MSO said it has undertaken further precautions and will continue to monitor its systems for potential threats and vulnerabilities.
Investigations on how the incident might have occurred are ongoing, the statement added.