Singapore Red Cross faces data breach after website hack

Singapore Red Cross (SRC) has been hacked, compromising personal data of 4,297 interested donors, confirmed the organisation in a media statement. SRC said that its web developer detected authorised access to the part of its website supporting the recruitment of blood donors on Wednesday.

Compromised information comprises name, contact number, email, declared blood type, preferred appointment date/time, and preferred location for blood donations. However, SRC said that its other databases and the Health Sciences Authority’s systems were also unaffected by the incident.

This comes right on the heels of the data leak of over 800,000 blood donors in Singapore in January due to mishandling of data by a vendor of the Health Sciences Authority.

A check by Marketing on its website saw that it is currently under maintenance and has been replaced with a temporary webpage. SRC added that the organisation has disconnected the website from internet access and will only reinstate it after security checks have concluded. While investigations are still on going, preliminary findings showed that a weak administrator password could have left the website vulnerable.

Meanwhile, external consultants have also been engaged to conduct forensic investigations to determine the exact factors that allowed the unauthorised access to the website. The findings and measures to be taken will be reported to the SRC Council. SRC’s Secretary General and CEO Benjamin William said, “Our immediate priority is to ensure affected individuals and partners are notified, while working with the relevant parties to restore and strengthen our IT systems, safeguard our data, and mitigate any future risks.”

There has been a rise of healthcare data breaches in Singapore of late. Confidential information of over 14,000 HIV patients was also recently leaked online by an “unauthorised person”, said
Ministry of Health. The perpetrator was later found to be Mikhy K Farrera Brochez, the partner of the ministry’s National Public Health Unit former head. Last year, the government saw the major cyberattack in July that infiltrated over 1.5 million patient personal particulars and outpatient dispensed medicines in the SingHealth database.

Individuals to play a part

Meanwhile, corporations are not the only ones vulnerable to data breaches. According to a new report cybersecurity software firm ESET, 58% of APAC respondents had experienced a data breach in the past 12 months. The top response for the type of breach that respondents suffered from the most was virus attacks (25%).

One reason could be consumers’ superficial understanding of cyberthreats, said ESET Asia chief operating officer Lukas Raska. However, he said that it is reassuring that consumers have a willingness to learn, with 78% of APAC respondents indicating that they would be open to receiving more information about cybersecurity.

“Like a double-edged sword, the evolutionary use of data comes hand-in-hand with cyberthreats, which are increasingly getting sophisticated. It is therefore imperative that consumers are educated about the growing threats, and the steps they can take to protect themselves online as well as offline,” added Raska.

Of the seven countries that were part of the ESET APAC Consumer Behaviour Survey, Thailand had the highest occurrence of data breaches, with 44% of respondents attributing this to virus attacks. In addition, Thai nationals topped the charts when it came to spending time online, with 32% of respondents spending more than ten hours a day on the internet. In comparison with the rest of the countries, only 13% of respondents spend more than ten hours a day on the internet.

The survey was conducted to understand consumer’s behaviour online, and their attitudes towards cybersecurity in light of the recent cases of data compromises. Hong Kong, India, Indonesia, Malaysia, Singapore, Taiwan and Thailand participated in the survey, with 2,000 respondents each. Overall, respondents were 52% male and 48% female, with a majority aged between 18-24 years old, followed by the range of 25-34 years.