[BreachExchange] Sias says 2013 data breach hit 70,000 members

[Destry Winant]

https://www.businesstimes.com.sg/technology/sias-says-2013-data-breach-hit-70000-members

THE Securities Investors Association (Singapore) or Sias had suffered
a security breach in 2013, which compromised and leaked the data of
about 70,000 members.

"About 70,000 members sometime in 2013 have had their personal
particulars illegally accessed and copied," said Sias general manager
Richard Dyason in an email to Sias members, adding that this had only
come to Sias's attention on Wednesday.

The data included names, NRIC numbers and telephone numbers.

"Nevertheless, the records were not tampered with, that is, no records
were amended or deleted," he added."While we conduct investigations
into the breach, we are taking active steps to prevent any further
illegal access."

Sias will be launching a new website in "a few days", and in the
meantime, it has taken down its existing website to limit any
potential threat, it said.

David Gerald, Sias’ founder and chief executive officer, said: “We are
very sorry this had happened even though we took precautionary
measures. We are now offline. Sias will take all measures necessary to
protect the data and avoid such a breach."

The shocking revelation comes just after SingHealth's announcement
last Friday that the data of 1.5 million patients - including that of
Prime Minister Lee Hsien Loong - had been hacked. On Tuesday, the
authorities convened a four-member Committee of Inquiry (COI) to look
into the cyber attack that led to the biggest data breach in Singapore
and to make recommendations on how to better safeguard public sector
IT systems. The committee is helmed by former chief district judge and
current member of the Public Service Commission, Richard Magnus.