1,355 NUS Society members' personal data stolen, possibly put on sale on Dark Web, Latest Singapore News - The New Paper

1,355 NUS Society members' personal data stolen, possibly put on sale on Dark Web

This article is more than 12 months old

SINGAPORE - The personal data of 1,355 National University of Singapore Society (NUSS) members has been stolen after the society's website was hacked early last month, NUSS said on Monday (Nov 1). 

Asked if the names of members were also stolen, NUSS would only say that NRIC numbers which match the names of 1,355 members had been accessed.

Other information potentially stolen included food and beverage orders, restaurant and event registrations, and feedback sent through the NUSS website. 

The data was taken from NUSS' website, which was hosted by a third party Web hosting provider. 

Investigations found that the hacker had carried out a sophisticated attack on the society's website on Oct 6 and 7, and downloaded some data stored on the NUSS Web server. 

NUSS added that it is actively reviewing its security measures and processes to ensure an incident like this cannot happen again. The matter has been reported to the Personal Data Protection Commission and the police. 

The maximum fine for a data breach is $1 million. But organisations can soon be fined more - up to 10 per cent of their annual turnover in Singapore, or $1 million, whichever is higher. The higher fine is slated to take effect at least 12 months from Feb 1 this year.

Members should notify sellers or service providers immediately if they receive goods or services they did not order, or get notifications for them. This is because cyber criminals could try to trick victims into giving up more information, said NUSS. 

Crooks could attempt to contact members through e mail and SMS messages, or through phone calls by posing as representatives from a government authority or business.