[BreachExchange] Red Cross website hacked in latest Singapore cyber attack
Destry Winant
destry at riskbasedsecurity.com
Thu May 16 10:18:05 EDT 2019
https://phys.org/news/2019-05-red-website-hacked-latest-singapore.html
The Singapore Red Cross said Thursday its website had been hacked and
the personal data of more than 4,000 potential blood donors
compromised in the latest cyber attack on the city-state.
Singapore, one of the world's most digitally advanced countries, has
been the target of multiple high-profile hacks in recent times,
including the theft last year of 1.5 million citizens' health records.
In the latest attack, Singapore Red Cross (SRC) said personal details,
including names, blood types, and contact numbers of 4,297 potential
blood donors were compromised after an unauthorised access to a
section of its website on May 8.
SRC reported the breach to the authorities on the same day and police
have launched an investigation, a statement said.
"SRC takes this incident seriously," the organisation said, adding
that "external consultants" are helping in the probe.
Preliminary findings showed that a "weak administrator password" may
have made the site vulnerable.
SRC Secretary General Benjamin William said the organisation was
contacting individuals affected by the breach.
Last July, the city-state's biggest ever data breach saw hackers gain
access to a government database and make off with the records of 1.5
million Singaporeans including Prime Minister Lee Hsien Loong.
An official inquiry highlighted a litany of failings, including
weaknesses in computer systems, and inadequate staff training and
resources. Authorities believe a state was likely behind that attack.
Singapore in January announced that confidential information of 14,200
people diagnosed with the virus that causes AIDS had been dumped
online, with most of those affected foreigners.
Authorities accused Mikhy Farrera Brochez, an HIV-positive American
who was jailed in the city-state and deported in 2018, of leaking the
data after obtaining it from his Singaporean doctor partner.
In March, the Health Sciences Authority said the personal data of
800,000 people who have donated or registered to donate blood in
Singapore since 1986 were improperly put online for more than two
months.
Cybersecurity experts have pointed out that health data is
particularly vulnerable because it can be used to blackmail people in
positions of power.
Scott Robertson, vice president of Asia Pacific and Japan for
cybersecurity firm Zscaler, said the Red Cross breach "underscores
that cybersecurity is a business problem that has to be supported by
technology".
More information about the BreachExchange
mailing list