Meridian Secondary School has filed a police report after hackers broke into a website for a competition organised by the school.
In a statement yesterday, the school said that its Young Illustrator Award website was hacked on Aug 29. The vendor managing the website told the school about the incident the next day, and Meridian Secondary immediately worked with the vendor to take the website down as a safety precaution.
It also made a police report and is now "working closely with the relevant authorities to resolve the matter". All those who were registered on the website were asked to change their passwords and to alert the school if they noticed any suspicious activity.
The school said none of its other systems were affected, as the art contest website was a stand-alone system. The affected website - www.siglap-youngillustratorawards.com - hosted an online art competition open to primary and secondary school students. It asked for information such as participants' names, schools, home addresses and mobile numbers.
Yesterday, the Ministry of Education (MOE) said it launched an investigation immediately after it was notified of the hacking. Preliminary findings show that the breach is "fairly contained".
"No personally identifiable data had been compromised," said MOE. It added that such attacks cannot be taken lightly, and it will continue to "share best practices in cyber security with all schools, to better equip them to safeguard personal and classified data under their care".
"MOE has always emphasised to our schools the importance of sound cyber-security measures to mitigate against cyber attacks," said a spokesman.
In 2015, The Straits Times reported that MOE had awarded a tender for a Web defacement monitoring service for schools. Website defacement is an attack that changes the visual appearance of a site. The service supplier was to monitor the main pages of school websites, detect changes made and provide SMS alerts to webmasters if there is Web defacement or an unauthorised change.
Mr Matthias Chin, the founder of Banff Cyber Technologies, a local cyber-security firm, said it is important for schools to strengthen Web defences in the light of such incidents as there is a possibility websites could be re-hacked: "In some cases, the compromised websites may have been insidiously exploited by hackers to spread ransomware, to pivot deeper into the organisation to steal more data or host unauthorised links."
In April, hackers broke into the networks of the National University of Singapore and Nanyang Technological University in a bid to steal government and research data. No classified data was stolen as the universities' systems are separate from government systems.