ON AUG 17 at 8pm, I logged onto NTUC Income's website at www.income.com.sg and used its Policy Online Enquiry (Pole).
I was shocked to see the policy of other policyholders and all their personal information, including their investment and insurance profile. On my second login, I was able to log into other policyholders' accounts using my own ID and password.
I called NTUC Income three times to inform it about this serious problem but I was shocked by its response.
The staff said that I should not be looking at other people's policies and asked me to log out immediately. On top of that, the customer relationship officer did not seem to have a sense of urgency, did not seem surprised, was very relaxed and did not take the call seriously. He said that he would log the case and send it to the IT department.
I called my friends in Income and informed them to escalate the matter to management.
Feeling uneasy about the matter, I called Income again on another number and, this time round, I was advised to log out immediately, which I did. It was only then that the Pole component was shut down.
My questions to Income are:
>>This is a serious breach of security and I was kind enough to inform it and yet its response was not professional and I was not taken seriously. Is that acceptable?
>>The customer relationship officer told me that a few customers had also called about the problem. If that was the case, why was there no immediate action? In an IT datacentre procedure, the first thing to do is to shut down the Pole component and not let it run further.
Being in the IT line myself and being an engineer on standby for a mission critical system, I can say with certainty that Income's data centre standard operating procedure and chain of command on system failure are completely unacceptable. They are seriously flawed. I am disappointed by Income's handling of this situation.
How Hee Ping