Ministry of National Development's OneService app vendor hit with cyber incident

The Ministry of National Development's Municipal Services Office (MSO) was recently alerted to a cyber incident on the databases of one of its vendors, Apptitude. MSO told MARKETING-INTERACTIVE in a statement that the incident involved "a malicious actor" deleting data relevant to push notifications for MSO's OneService app (OS app) such as device types and past push notifications messages. MSO clarified that the OS app system and its users were not affected.

Once alerted, MSO said it had worked with Apptitude to immediately switch off the push notification system and put in place additional measures to strengthen its security. MSO has also undertaken other further precautions and will continue to monitor its systems for potential threats and vulnerabilities. Investigations on how the incident might have occurred are ongoing.

In addition, no personally identifiable information including case details were stored in the compromised databases. According to MSO, the compromised databases cannot be used to identify OS app users or impersonate MSO or OneService to send out push notifications to the OS app users.

The OS app was launched in 2015 and offers members of the public a convenient way to report their feedback on municipal issues without having to find out which government agency is responsible for it. Last year, MSO was on the hunt for a marketing agency to develop a campaign encompassing advertising, direct marketing, digital and social media, on-ground activation, events, partnerships, through-the-line collateral support and other related services. The campaign came after MSO saw the need to promote the OS app and build awareness around it. It also wanted to encourage citizens to download and use the app. According to the tender, the campaign aimed to achieve at least 90,000 downloads by the end of last year.