Enforcement and breach details

Irene Tham
Tech Editor
Updated
May 25, 2016, 10:35 AM
Published
Apr 23, 2016, 05:00 AM

K BOX ENTERTAINMENT GROUP

The karaoke chain received the heaviest fine of $50,000 and was directed to appoint a data protection officer, a must-have under the law. The enforcement was for a data breach involving 317,000 customers, resulting in their names, contact numbers and home addresses being posted on file-sharing website pastebin.com in September 2014.

Lax security measures caused the breach. For instance, access to its computers was protected by weak passwords comprising only one letter of the alphabet.

FINANTECH HOLDING

K Box's IT vendor was fined $10,000 for failing to update K Box's systems with the latest, most secure software and for lax security procedures. For instance, the system administrator's account password was simply "admin".

INSTITUTION OF ENGINEERS SINGAPORE

The Institution of Engineers Singapore was fined $10,000 for failing to put in place adequate security measures, resulting in the wrongful disclosure of the names, and e-mail and residential addresses of 4,000 members on pastebin.com.

FEI FAH MEDICAL MANUFACTURING

The health supplements supplier was fined $5,000 for failing to secure its online databases, resulting in the wrongful disclosure of the usernames, passwords, contact numbers and e-mail addresses of more than 900 customers on pastebin.com.

UNIVERSAL TRAVEL CORPORATION

The tour agency was directed to strengthen its data protection policy and send staff to be educated on the requirements of the law, although the tour agency was not fined. Its staff had shared the names, nationalities, dates of birth and passport numbers of 37 customers with four individuals within this tour group.

CHALLENGER TECHNOLOGIES

The IT retail chain was warned for not checking that its IT vendor had sent e-mail updates about the membership details of 165,000 people to the right recipients, resulting in the wrongful disclosure of members' names and points.

XIRLYNX INNOVATIONS

Challenger's IT vendor Xirlynx Innovations was warned for not having the proper checks in place for e-mail communications.

FULL HOUSE COMMUNICATIONS

The home exhibition organiser was warned for not ensuring that its computer system for registering individuals in a lucky draw properly secured the names and details of people who had entered their information.

METRO

Metro megastore was warned for not securing its website and content management system properly, leading to a data leak involving 445 customers.

SINGAPORE COMPUTER SOCIETY

The society was warned for mistakenly sending a document containing the names, identity card numbers and business contact numbers of 214 individuals to these 214 individuals without proper checks.

YESTUITION AGENCY

Yestuition Agency was warned for mistakenly publishing on its website the identity card numbers of 30 tutors, without their consent.

Irene Tham

Correction: An earlier version of the story mistakenly stated that Challenger Technologies had revealed members' names, membership numbers and points. It had only disclosed member's names and points. We are sorry for the error.

Join ST's Telegram channel and get the latest breaking news delivered to you.

A version of this article appeared in the print edition of The Straits Times on April 23, 2016, with the headline Enforcement and breach details. Subscribe

Available for
iPhones and iPads
Available in
Google Play

MCI (P) 066/10/2023. Published by SPH Media Limited, Co. Regn. No. 202120748H. Copyright © 2024 SPH Media Limited. All rights reserved.

Back to the top