The database containing 70,000 members of the Securities Investors Association of Singapore (SIAS) may have been illegally breached in 2013, though the data breach was only uncovered recently.
The Cyber Security Agency of Singapore (CSA) had notified SIAS of the breach on Wednesday morning (Jul 25) after receiving a tip-off from an anonymous source.
The anonymous source has been revealed to be online vigilantes, SMRT Feedback.
In an email reply today (Jul 26) to Observer+, the vigilantes said that they had alerted CSA on Tuesday afternoon (Jul 24) about the breach. In the email tip-off, they had provided the login credentials including the administrator’s passwords used by SIAS to ascertain the veracity of their information.
SMRT Feedback also mentioned that the full names, NRIC numbers, home addresses, e-mail addresses, mobile and landline numbers of members may have been compromised, which was confirmed separately by SIAS president David Gerald.
SMRT Feedback also confirmed that the breach is not related to the Singhealth hack in which personal information of 1.5 million people from the Singhealth database – including that of Prime Minister Lee Hsien Loong – was stolen by hackers.
When asked about how SMRT Feedback had gotten hold of the information in the first place, they only had this to say:
SMRT Feedback did, however, disclose the hacking technique used in the database breach. Read here.
In a reply to The Business Times yesterday, SIAS founder and chief executive officer, David Gerald said, “This is really shocking. Five years later, we come to know.”
“We are truly very sorry this had happened even though we took precautionary measures. We are now offline,” Mr Gerald said.
SIAS general manager, Richard Dyason said that they have not found evidence to suggest that the records were amended or deleted.
SIAS has since disabled its website and will be launching a new website in a couple of days, subject to further security audits to ensure there is no “lingering malware”.
“What we can do is to step up the robustness of our IT processes. They can outsmart us, but we must still continue to fight them,” Mr Gerald said.
Mr Gerald added that all Sias members have since been informed.
SMRT Feedback had on July 23 tweeted that “another major hack will be exposed soon”, shortly before CSA informed the media that SIAS’s database had been breached.
SMRT Feedback discloses hacking technique used in SIAS database hack