Personal information such as names, birthdays, NRIC numbers, contact information, education and employment details, as well as Singapore chartered accountant qualification exam results were among the information “inadvertently” revealed by the Singapore Accountancy Commission (SAC).
The SAC is a statutory body under the Ministry of Finance.
The data leak occurred between June to October 2019 and involved a folder containing the personal information of 6,541 chartered accountant qualification candidates,
Accredited Training Organisations (ATO) employees, and other administrative staff involved in the programme before May 17, 2019.
The folder was accidentally attached to an email and sent out to several parties due to 41 people in 22 organizations due to a “security lapse.”
The emails were sent to the accredited training organisations and were intended to “inform them of administrative matters” according to a statement by the SAC.
The leak was only revealed on Nov 7 when the SAC recently implemented a data protection filter in its email system.
The SAC stated that it reached out to the 22 organisations to request them to delete the data folder. They also asked for the organisations to check whether the data folder has been forwarded to other parties.
“The SAC has also notified the Personal Data Protection Commission about the incident,” they said.
As reported by ZDNet, SAC reached out to the affected individuals but did not inform the Cyber Security Agency about the leak considering that the incident is “not cyber-related.”
“The SAC takes a serious view of this Incident and deeply regrets this mistake. The SAC will set up a panel to review the incident and make any necessary recommendations.”/TISG