SINGAPORE: A “technical issue” caused the personal information of 3,320 people, including their names and numbers, to be sent to 18 unintended recipients on Jan 21, according to the Council for Estate Agencies (CEA). The CEA, Singapore’s property agent regulator, said it learned about the data leak shortly before midday on Jan 22, according to a report in The Straits Times.
The issue occurred within CEA’s information technology system and inadvertently disclosed the names and NRIC numbers of 3,320 people who had registered for the Real Estate Salesperson examination in March 2024 or the Real Estate Agency examinations in April 2024.
By Jan 24, the CEA informed those whose names and numbers had been leaked. It apologized for having disclosed the personal data and told those involved about the steps it would take in the aftermath of the leak.
Contact information, including phone numbers or email addresses, was not disclosed in the data leak, the CEA told CNA on Sunday (Jan 26). The council is now carrying out a thorough review of its processes and systems with its vendor to avoid similar instances from occurring. The council added that it will enhance its monitoring capabilities and data security measures, CNA reported.
“We take data privacy seriously and sincerely apologize for this lapse. We are committed to strengthening our internal processes to ensure the safeguard of privacy and security of data entrusted to us,” the council said.
The council added that it acted at once to disable the system function behind the “technical issue.” It has also started a probe to look into the root cause of the issue.
CNA quotes the CEA as saying, “Preliminary investigations indicate that this is an isolated incident arising from a technical issue in our IT system. The system has since been secured, and recovery steps have been taken to contain it.”
The 18 people who had erroneously received the information were also contacted by the CEA right away. They include former and current property agents, as well as former candidates for the real estate salesperson exam. The CEA added that the recipients have since deleted the email without forwarding or using the information it contained.
“We take impersonation very seriously and will act firmly against any attempts to misuse personal data,” ST quotes the council as saying.
The data leak was first reported in the Chinese language daily Lianhe Zaobao. /TISG
Read also: MBS reported data leak in line with PDPC requirements: Josephine Teo