Date: July 26, 2018
Yesterday 25 July 2018, SIAS was informed by officers from Cyber Security Agency (CSA) about a tip-off email that the database relating to our memberships, consisting of their name, NRIC no. and telephone no. of 2013 could have been breached and the data leaked. The breach affected about 70,000 members in our database. The breach could have potentially occurred through access of the database from the SIAS membership login page from our website. This could have be done by means of an SQL injection. This means that a code could have been injected into the username field, and it would have returned information from the database. CSA informed us after they were alerted of this on 24 Jul 2018. We are currently working with our IT vendor to investigate the breach and work towards securing our system.
To prevent any further potential breach, we have immediately implemented the following:
1. Taken down the current website;
2. Commenced scrubbing the website for any malware before migration of any data;
3. We will launch a completely new website, without access to the member database, in two days;
4. Discontinue any access of the membership database to and from the internet – it will be on standalone system (the system is currently offline and not accessible). We are also exploring additional security measures for access to the database.
When SIAS first learnt of the breach of our members’ data, we immediately alerted members of the breach and illegal leak of members data to all SIAS members by email. SIAS, since 2013, has not received any feedback or information from members that the hacking has adversely impacted on them. Notwithstanding, we apologize for the service disruption and for any distress that the breach may have caused that is not yet known. While we conduct investigations with our IT vendor, we deeply apologies to members for any inconvenienced caused during this period of investigations. Members can call SIAS on 62272683 or email admin@sias.org.sg to register for workshop, courses or other activities. As this is not acceptable, we are now taking action to put in measures to disallow any hacking into our membership database.
