The Singapore Accountancy Commission (SAC) revealed today (22 Nov) that it accidentally leaked the personal data of 6,541 individuals over a period of four months this year.
The data was not leaked in a cyber-attack – it was unintentionally disclosed after a folder containing the data was accidentally attached in emails about administrative matters and sent to 41 recipients in 21 accredited training firms and one vendor organisation between 12 June and 22 Oct.
The leaked information includes the names, NRIC numbers, dates of birth, contact information, education and employment records and Singapore chartered accountant qualification examination results of past and current Singapore chartered accountant qualification candidates, accredited training organisation personnel, and others involved in the administration of the Singapore chartered account qualification programme before 17 May.
SAC discovered the data leak on 7 Nov after implementing a new data protection filter, according to the recommendations set out by the Public Sector Data Security Review Committee.
After discovering the leak, the authority requested all 22 firms that received the confidential data to delete the contents of the folder and investigate whether the data was forwarded to others. The SAC said today that all 22 firms have confirmed that the data folder and forwarded content have all been deleted.
Revealing that it has informed the Personal Data Protection Commission about the incident, the SAC said in a press statement: “SAC takes a serious view of this incident, and deeply regrets this mistake. SAC will set up a panel to review the incident and make any necessary recommendations.”
Affected individuals can contact SAC at SAC_CHECK@sac.gov.sg for further information. -/TISG