Singapore Companies Hacked and Humiliated


Hacking is getting more and more into our sight. In 2012, one example was a Singapore sweet shop website hacked  by Malaysians. last week, KBox was hacked into and more than 300,000 member details leaked. An infamous milestone in the Singapore context. In that week, an M1 online form was hacked and some personal accounts were also compromised. Last year, Messiah aka James Raj Arokiasamy stole Standard Chartered customers’ statement details besides hacking into the AMK Town Council website. Singapore Arts Museum personnel data was also stolen by others and published for all to gawk at and abuse last year. Hackers go for the easy hack, public and private bodies who don’t bother to keep their data confidential and protected from online attacks. The hacker plague is not limited to Singapore while it has become more and more common lately in the little red dot. This year, Home Depot, a huge US chain, was also hit and credit card details of members stolen.

Hackers are vandals and thieves regardless if they hit public or private organisations, regardless if they have some pretentious socio-political messages or upfront about their criminal intentions. Companies are not blameless if they allow themselves to be hacked especially if data leaked puts its customers at physical or financial risk. The thinking is that governments are the only ones who should keep our personnel information under lock and key. Not so, indeed as we give up our NRIC, address, email and contact numbers easily when we fill up forms for online shopping, various memberships etc, some standards of securing data should be held by companies.

 

K Box leak a wake-up call for businesses
Irene Tham
The Straits Times
Monday, Sep 22, 2014
CONSUMERS often part with personal information to get members-only perks. But the parting can be painful – when personal data is leaked and made public, as in the case of over 300,000 members of karaoke bar chain K Box.

Their names, addresses and mobile phone and identity card numbers were posted on several websites on Tuesday, purportedly by hackers protesting against upcoming toll fee hikes at Woodlands Checkpoint.

It is not known if the leak was an inside job or the result of system hacking.

But the incident is a wake- up call: Businesses either pay now to secure the personal data collected, or they may end up paying a lot more later.

“There is a high price to pay for treating the protection of consumers’ data lightly,” said Consumers Association of Singapore executive director Seah Seng Choon.

Not only will there be a loss of reputation, but negligent businesses also face a fine of up to $1 million under a newly enforced law. Even if hackers had stolen customers’ personal data, companies must take “reasonable security measures”.

The obligation is spelt out – though measures are not – in the Personal Data Protection Act, fully enforced on July 2.

Precise industry measures will take time, said lawyer Gilbert Leong, a partner at Rodyk & Davidson.

“What is reasonable or expected of a bank would most likely not be reasonable or expected of a wine store, for instance.”

So the industry will be watching as the Personal Data Protection Commission investigates the K Box leak, the biggest reported breach of personal data here.

Another case of a smaller scale being investigated by the commission involves the details of 12 customers of telco M1, which were exposed on Monday on an online form for pre-orders for the new iPhone.

The two cases might have happened under different circumstances, but it is worrying when personal data falls into the wrong hands.

What happened to technology blogger Alfred Siew, 40, could happen to anyone. On Tuesday, he got a call from someone using a private number claiming to be a loan shark.

“He read out my name and NRIC number… and threatened to harm my family unless I paid up. It was unnerving,” said Mr Siew, unable to recall if he had ever misplaced his identity card.

Police could not help. He was told instead to file a magistrate’s complaint, which may involve legal fees to prosecute the case.

Meanwhile, the K Box breach prompted some businesses to pull up their socks.

“Organisations are now more easily persuaded to take the law seriously,” said media and technology lawyer Bryan Tan, a partner at Pinsent Masons MPillay.

But more can be done.

Businesses may want to take a leaf out of IT retail chain Challenger’s book.

It keeps the names, identity card and phone numbers, as well as e-mail addresses of its more than 500,000 members in a server locked in a room, accessed by staff only via fingerprint scanning.

Cashiers can call up members’ data when members redeem points, but cashiers need to scan their fingerprints on sale terminals.

Challenger chief operating officer Ben Tan said: “This is so that we have an audit trail if there is a leak.”

itham@sph.com.sg

4 responses

  1. Cyber robbers and thieves hack into big departmental stores like Target, Home Depot and others here in North America! The Police and Prosecution public services must be retrained and re energized in dealing with technology crimes like hacking into customers accounts and copyrighted patents and designs etc. It’s just the greed and easy money motivation as ancient as history ,now it’s technology transfers of data information for cash enrichments !

    Gerald Heng Sr.
    Metrowest Boston,Ma/ Washington DC

    September 22, 2014 at 10:20 am

  2. Pingback: Daily SG: 22 Sep 2014 | The Singapore Daily

  3. chemgen

    Gerald Heng – You are right. It is the new mafia, the modern burglar, vandal 4.0 and e-extortionist all rolled into one.

    September 26, 2014 at 8:49 am

    • All Singaporeans in the Free Market should very pleased that you have highlighted this stealth robbery by hacking ! The Singapore Law Enforcement should upgrade its training of the police in these matters .The Manufacturers and Merchants should safeguard meticulously their customers information as a matter of good practice. My credit cards although already cancelled were stolen by thieves who made counterfeit cards on the numbers assigned to me, they then spend over $5000 usd on me,fortunately the cards were already cancelled, but nonetheless the charges came through on my numbers !The thieves probably use my name ,the defrauded merchants didn’t check their IDs ! They sure know how to get at the Bank !

      Gerald Heng Sr.
      Metrowest Boston, MA/Washington DC

      September 26, 2014 at 9:04 am

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s