Database of Securities Investors Association (Singapore) hacked in 2013: CSA

The names, IC numbers, home addresses, email addresses, mobile and landline numbers of members were compromised, said Sias president David Gerald. PHOTO: SIAS

SINGAPORE - The personal details of about 70,000 Securities Investors Association (Singapore) (Sias) members were hacked in 2013, and they were informed about it on Wednesday (July 25).

The names, IC numbers, home addresses, email addresses, mobile and landline numbers of members were compromised, Sias president David Gerald told The Straits Times.

Deputy director of the Singapore Computer Emergency Response Team (Singcert), Ms Goh Yan Kim, said that the Cyber Security Agency (CSA) received a tip-off about the data breach in an email.

"This is not related to the SingHealth incident," said Ms Goh. "As Sias is not a public sector agency nor Critical Information Infrastructure, Singcert reached out to them to inform them and asked them to verify the situation."

She said the Sias website has some vulnerabilities which hackers could have exploited. The association has been informed about the technical issues in their website design, so that they can take the necessary safeguards.

Mr Gerald, Sias president, said he was "surprised" when the CSA informed him of the hack on Wednesday morning.

He said: "We don't know who did it. We have contacted our IT management company, who are external specialists working with our in-house IT team, and will take their advice on what to do."

He said that the IT specialists were currently investigating the incident and that all Sias members have since been informed.

"We are very sorry to members, especially the older members. Most of them don't have emails, so it took a little longer to inform them," said Mr Gerald.

In emails to affected members, Sias general manager Richard Dyason reassured them that the records were not tampered with, and were not amended or deleted.

Meanwhile, Mr Gerald said that Sias has taken its database offline, and is working on a new website. A check on the website on Wednesday evening showed the association's logo and a message below that said: "SIAS new website is under development, we should be up in two days. Look forward to your visit soon."

The Sias president said that a decision will be made by the management committee on whether the members' details will go back online, or remain offline.

"We are working on how to make our processes more robust," he said. "We had firewall and other precautions in place, but we were told that there is no 100 per cent, when it comes to cybersecurity. Hackers are getting smarter and smarter."

He said that the association did not invest very heavily in the IT department, due to the limited funds it had to work with.

On July 20, it was revealed that the computers of SingHealth, Singapore's largest group of healthcare institutions, had been hacked, and the personal particulars of 1.5 million patients, including Prime Minister Lee Hsien Loong and a few ministers, leaked. It was Singapore's biggest data breach.