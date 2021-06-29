The databases of a vendor linked to the Municipal Services Office's (MSO) OneService app have been hacked but users were not affected.

MSO said in a statement yesterday that no data which could lead to the identification of people, including case details, was stored in these databases.

There was also no anonymised data of users and no profiles of people in the hacked databases.

MSO was alerted on June 19 that the vendor Apptitude, which develops Web and mobile applications, was the subject of a cyber incident.

Apptitude is in charge of sending push notifications to the OneService app on behalf of MSO. The app itself allows the public to report municipal matters.

Hackers had completely deleted two of the vendor's databases and demanded a ransom of 0.015 bitcoin ($689) per database. Apptitude did not pay.

So far, MSO said, it has not received reports that the data has been sold online, adding that it is monitoring the situation.

The first deleted database contained dummy data for testing, such as for templated push notification messages. The second one contained actual data on devices and past notification messages.

Apptitude said that the information in the databases was not sensitive and was related to routine announcements.

These include regular Pollutant Standards Index (PSI) updates, heavy rain alerts, dengue zone alerts and lift status updates.

MSO added that the compromised data included that generated by tech firms Google and Apple for receiving push notifications, as well as push notification dates and times.

The OneService app's system and its users were not affected, said the office, and there are no indications that the hackers got into its information technology systems or the vendor's other systems.

MSO said it worked with Apptitude to immediately switch off the push notification system and put in place additional measures to strengthen its security.

As the deleted data was backed up, the vendor was able to recover it.

MSO added that it undertook further steps and "will continue to monitor its systems for potential threats and vulnerabilities".

The OneService app uses secure communications that encrypt data exchanged with MSO's vendors, the office said, adding that its systems undergo "stringent security scans to detect and mitigate risks".

The incident is being investigated.

Mr Jeffrey Kok from cyber-security firm CyberArk said there is an ongoing trend for hackers to target software suppliers to gain access to organisations which use their services.

"The unanswered question is the intent of those behind the (latest) attack and what they were trying to achieve," said Mr Kok, who is CyberArk's vice-president of solution engineers for the Asia-Pacific and Japan.