NRIC numbers belonging to the latest cohort of national service recruits were posted on Facebook by mistake on Saturday (11 March).
The incident came to light when a member of the public by the name of Darryl Lo wrote in to newspaper TODAY to highlight the online post.
According to Lo, portraits of the recruits from the January 2017 batch, along with a link to their NRIC numbers, were uploaded by the Basic Military Training Centre (BMTC) to its Facebook page around 10pm on Saturday. The information was removed on Sunday, he added.
The incident comes a month after a “targeted and carefully planned” cyber-attack on the Ministry of Defence’s (Mindef) I-net system which saw the personal details of some 850 national servicemen and employees being stolen. This comprised NRIC numbers, telephone numbers, and dates of birth. No classified military information is stored on the I-net.
On Thursday (16 March), BMTC commander Colonel Desmond Yeo apologised for the “mistake” and said no other personal data had been released, reported TODAY. The information was removed before noon on Sunday (12 March), he said.
“BMTC recognises that making available our recruits’ portraits, labelled together with their NRIC numbers on a platform accessible to the general public, was an oversight. We apologise for the mistake,” said Yeo.
Yeo explained that the NRIC numbers were inadvertently published due to a change in system. He explained, “In order to make the BMT graduation parade a memorable and meaningful event, BMTC uploads soft-copy portraits of our recruits online so that they may share these with their family and friends. This effort has been warmly received by the recruits.
“Previously, the soft-copy portraits were labelled manually via a different system, such as the use of the recruits’ Platoon, Section and Bed Number. However, for the most recent graduating BMT cohort, the labelling was auto-generated via the scanning of the recruits’ SAF identity cards for the purpose of speeding up the process. This resulted in the portraits being labelled by NRIC numbers. No other personal data were released.”
BMTC will conduct a review of its procedures in order to prevent a similar incident from occurring, added Yeo.