Enforcement and breach details

Enforcement and breach details, ST 23/04/2016

K BOX ENTERTAINMENT GROUP

The karaoke chain received the heaviest fine of $50,000 and was directed to appoint a data protection officer, a must-have under the law. The enforcement was for a data breach involving 317,000 customers, resulting in their names, contact numbers and home addresses being posted on file-sharing website pastebin.com in September 2014.

Lax security measures caused the breach. For instance, access to its computers was protected by weak passwords comprising only one letter of the alphabet.

FINANTECH HOLDING

K Box’s IT vendor was fined $10,000 for failing to update K Box’s systems with the latest, most secure software and for lax security procedures. For instance, the system administrator’s account password was simply “admin”.

INSTITUTION OF ENGINEERS SINGAPORE

The Institution of Engineers Singapore was fined $10,000 for failing to put in place adequate security measures, resulting in the wrongful disclosure of the names, and e-mail and residential addresses of 4,000 members on pastebin.com.

FEI FAH MEDICAL MANUFACTURING

The health supplements supplier was fined $5,000 for failing to secure its online databases, resulting in the wrongful disclosure of the usernames, passwords, contact numbers and e-mail addresses of more than 900 customers on pastebin.com.

UNIVERSAL TRAVEL CORPORATION

The tour agency was directed to strengthen its data protection policy and send staff to be educated on the requirements of the law, although the tour agency was not fined. Its staff had shared the names, nationalities, dates of birth and passport numbers of 37 customers with four individuals within this tour group.

CHALLENGER TECHNOLOGIES

The IT retail chain was warned for not checking that its IT vendor had sent e-mail updates about the membership details of 165,000 people to the right recipients, resulting in the wrongful disclosure of members’ names and points.

XIRLYNX INNOVATIONS

Challenger’s IT vendor Xirlynx Innovations was warned for not having the proper checks in place for e-mail communications.

FULL HOUSE COMMUNICATIONS

The home exhibition organiser was warned for not ensuring that its computer system for registering individuals in a lucky draw properly secured the names and details of people who had entered their information.

METRO

Metro megastore was warned for not securing its website and content management system properly, leading to a data leak involving 445 customers.

SINGAPORE COMPUTER SOCIETY

The society was warned for mistakenly sending a document containing the names, identity card numbers and business contact numbers of 214 individuals to these 214 individuals without proper checks.

YESTUITION AGENCY

Yestuition Agency was warned for mistakenly publishing on its website the identity card numbers of 30 tutors, without their consent.

Irene Tham
