Skip to main content




Personal data of more than 6,500 people 'inadvertently' leaked by Singapore Accountancy Commission

Personal data of more than 6,500 people 'inadvertently' leaked by Singapore Accountancy Commission

File photo of a man looking at the computer screen. (Photo: Xabryna Kek)

SINGAPORE: The personal data of more than 6,500 people was "inadvertently" disclosed by the Singapore Accountancy Commission (SAC) - a statutory body under the Ministry of Finance (MOF).

The information disclosed included names, NRIC numbers, dates of birth, contact details, education and employment information, and Singapore chartered accountant qualification examination results," the commission said in a news release on Friday (Nov 22).

"The SAC takes a serious view of this incident, and deeply regrets this mistake," it said.

READ: Quicker enforcement action for some data breach offenders: Singapore privacy watchdog

SAC is tasked with the development of Singapore's accountancy sector.

Between Jun 12 and Oct 22 this year, a folder containing the data of 6,541 individuals was accidentally attached to emails sent by SAC to 41 people in 22 organisations, it said.

The purpose of the emails - which were sent to 21 accredited training organisations (ATOs) and one vendor - was to "inform them of administrative matters", it added.

The individuals whose data were leaked include past and current Singapore chartered accountant qualification candidates, ATO employees and others involved in the administration of the Singapore chartered accountant qualification programme before May 17, 2019.

They were informed on Friday of the "unintentional disclosure". 

READ: Sephora data breach: 3.7m customer records up for sale on Dark Web, says cybersecurity firm

The leak was discovered on Nov 7, after the commission implemented a new data protection filter as part of the recommendations by the Public Sector Data Security Review Committee.

"After the incident was discovered, the SAC contacted all 22 organisations on
11 November 2019 to request that they delete the data folder, and to ascertain whether recipients of the data folder had forwarded the data folder to other persons," the commission said. 

"The SAC has also notified the Personal Data Protection Commission about the incident," it added.

In response to CNA's queries, the Personal Data Protection Commission said: "PDPC has been notified of the incident and is looking into the matter.”

All 22 organisations have confirmed that they have deleted the data folder, including any forwarded data, SAC said.

SAC said that affected individuals can contact the commission at SAC_CHECK [at] if they have any queries.

It also said that it will set up a panel to review the leak and make any necessary recommendations.

The panel will be chaired by SAC chairman Chaly Mah, and comprise members from the SAC board, the Smart Nation and Digital Government Office and the Public Service Division .

Source: CNA/aa


Also worth reading