National Healthcare Group, SAFRA fined for PDPA breaches

SINGAPORE — The Personal Data Protection Commission (PDPC) censured seven companies and organisations for failing to secure and protect personal data on Thursday (9 January).

Out of the seven entities, six were given financial penalties totalling $90,000. The six are National Healthcare Group (NHG); global technology company Creative Technology; SAFRA, which provides social and recreational facilities for national servicemen; technology firm Globalsign.in; Society of Tourist Guides; and talent consultancy PeopleSearch.

The seventh, French beauty care company L’Oreal, was given a warning for compromising the data of seven individuals on its website.

In decision dates ranging from 19 November last year to 2 January, the PDPC cited various breaches to the Personal Data Protection Act by the organisations. They all failed to have proper security measures in place.

The NHG was fined $6,000 after a list containing personal details of 129 partner doctors was found to be accessible on the Internet.

The list included full names, mobile numbers, mailing addresses, email addresses, Singapore Medical Council registration numbers, NRIC numbers and photographs of these general practitioners.

Although unrestricted access to the list had been earlier highlighted by a vendor engaged to test the vulnerability of the website in June or July 2016, the list was later discovered by a general practitioner, who had signed up as a partner.

She had found the list through a Google search of her name on 7 February 2018. The NHG took down the website the next day and sent requests to Google to remove cached copies of the list. NHG also informed all 129 affected GPs about the incident. It informed the PDPC about the breach on 10 February 2018.

SAFRA was fined $10,000 after an employee sent out two batches of emails with an Excel spreadsheet containing the personal data of members of its shooting club on 9 September 2018.

While the employee claimed that he had deleted the spreadsheet from his email draft, the spreadsheet was still attached when he sent out mass emails. As a result, the personal details of 780 shooting club members, including NRIC numbers, date of births, addresses and telephone numbers, were sent to 491 members.

SAFRA has since taken remedial steps, including ringing up members to delete the spreadsheet.

Creative Technology was fined $15,000 after its online forum was hacked in mid-2018, resulting in 8,258 active user’s account information being compromised. The usernames, passwords, email addresses and Internet protocol addresses of these users were extracted by the hacker.

The firm temporarily shut down its forum on 4 June 2018 and permanently closed it from 20 June that year. It also determined that the hacking incident was isolated.

Other Singapore stories

US government approves Singapore to buy up to 12 F-35 jets at US$2.75b

Bangladeshi on trial for hacking compatriot to death after illicit cigarette syndicate clash

Singaporean student charged for importing child-like sex doll in Australia