Personal info of 4,200-odd individuals compromised after Singapore Red Cross website breach

SINGAPORE — Details of more than 4,200 individuals who registered their interest in making blood donations on the Singapore Red Cross (SRC) website were accessed without authorisation on 8 May, the SRC said in a media statement on Thursday (16 May).

SRC said that the compromised information of the 4,297 affected individuals includes their names, contact numbers, emails, declared blood types, preferred appointment dates/times and preferred locations for blood donation.

“No other information was affected. SRC’s other databases have not been compromised. The Health Sciences Authority’s (HSA) systems are similarly unaffected by this incident,” the statement said.

Upon being alerted to the unauthorised access by its web developer, the SRC reported this incident to the police, as well as the Personal Data Protection Commission and HSA. Police investigations are ongoing.

Preliminary findings showed that a weak administrator password could have left the website vulnerable to a breach. As a precaution, the SRC has disconnected the website from internet access, and replaced it with a temporary webpage with links to relevant websites.

The SRC said it has engaged external consultants to conduct forensic investigations to determine the exact factors that led to the incident. It will then take the necessary actions to strength its IT security measures upon receiving the consultants’ findings and recommendations.

SRC secretary general Benjamin William said in the statement, “Our immediate priority is to ensure affected individuals and partners are notified... We apologise to the users of our website whose information may have been affected by this incident.”

Other Singapore stories:

Man bought credit card details online to buy milk powder and sell on Carousell

Campus Voyeurism: How can we feel safer? - students

Commuters can use Visa contactless cards to pay for public transport from 6 June