IBM-managed SLA data incident leaves 70,000 individuals exposed
Names and property addresses were found in an anonymised test dataset.
The Singapore Land Authority (SLA) has disclosed that the personal data of about 70,000 individuals was affected in a data security incident involving an IBM-managed cloud environment.
The data was found in a testing dataset that was accessed without authorisation and should have contained only mock and anonymised information, but included names, NRIC numbers, and property addresses.
IBM was appointed to support and maintain SLA’s Singapore Titles Automated Registration System and eLodgment System, and managed the development and testing environment for both systems.
SLA said the affected environment is separate from its operational systems, and that there was no compromise to the live systems used for STARS, ELS, or any other SLA systems.
“Property ownership and lodgment records in STARS and ELS remain secure and unaffected,” it added.
Meanwhile, IBM has revoked access linked to the affected development and testing environment to prevent further unauthorised access.
SLA has begun notifying affected individuals and is working with IBM, GovTech, and the Cyber Security Agency of Singapore to investigate the incident.
The agency has also lodged a police report and notified the Personal Data Protection Commission.
The dataset was created in 1998 and updated periodically over the years for vendor development and testing.