3 hacked SingPass accounts used to apply for work permits

Singapore’s government revealed on Friday that three individual citizens’ accounts used for confidential government transactions were misused to apply for work passes.

The news of this comes a month after it announced that the login information for 1,560 of these, known as SingPass accounts, were compromised. In the breach, citizens’  identification card numbers — by default their SingPass user identifiers — and passwords, were obtained.

In a joint statement by the Ministry of Manpower and the Infocomm Development Agency (IDA), the government said the three citizens’ SingPass accounts were used by unknown third parties to apply for permits that would allow foreigners to work in Singapore.

The ministry said it confirmed with the three citizens that they themselves did not make those applications before cancelling them and handing the case to the police for investigation. It added that it has implemented more measures to strengthen and protect the integrity of its work pass transactions.

Meanwhile, the IDA continues to work on a more secure SingPass system, which it says will be ready by the third quarter of next year. Measures it plans to take with the new SingPass system include allowing citizens to set their own usernames to replace their default IC numbers and second-factor authorisation for government transactions.

The agency urges Singaporeans to strengthen their passwords to ones that contain letters, numbers, capital letters and symbols, to better protect their accounts.