Singapore Accountancy Commission accidentally leaks personal data of 6,541 people

The information disclosed included names, NRIC numbers, dates of birth, contact details, education and employment information and Singapore chartered accountant qualification examination results of the affected individuals.
The information disclosed included names, NRIC numbers, dates of birth, contact details, education and employment information and Singapore chartered accountant qualification examination results of the affected individuals.PHOTO ILLUSTRATION: UNSPLASH

SINGAPORE - The Singapore Accountancy Commission (SAC), a statutory board under the Ministry of Finance, unintentionally disclosed the personal data of 6,541 people to more than 40 recipients over four months this year.

The commission said on Friday (Nov 22) that the leak contained personal information of past and current Singapore chartered accountant qualification candidates, accredited training organisation personnel, and other people involved in the administration of the Singapore chartered accountant qualification programme before May 17.

The information disclosed included names, NRIC numbers, dates of birth, contact details, education and employment information and Singapore chartered accountant qualification examination results of the affected individuals.

The affected individuals were informed of the leak on Friday.

SAC said the folder containing the data was unintentionally attached in e-mails and sent to 41 people in 22 organisations between June 12 and Oct 22.

The e-mails, which were about administrative matters, were sent to 21 accredited training organisations and one vendor.

The incident was discovered on Nov 7, after the commission implemented a new data protection filter as part of the recommendations by the Public Sector Data Security Review Committee.

After discovering the incident, the commission contacted all 22 organisations on Nov 11 and requested them to delete the data folder and determine if the recipients of the folder had forwarded the folder to other people.

In its statement, SAC said all 22 organisations confirmed the data folder and any forwarded data have been deleted.

 
 
 

Affected individuals can contact the commission at SAC_CHECK@sac.gov.sg for queries.

SAC said it has informed the Personal Data Protection Commission of the leak.

“SAC takes a serious view of this incident, and deeply regrets this mistake,” it said.

“SAC will set up a panel to review the incident and make any necessary recommendations.”

The panel will be chaired by Mr Chaly Mah, SAC's chairman, and comprise members from the SAC board, the Smart Nation and Digital Government Office and the Public Service Division.