Singapore residents’ IDs exposed by breach of government online services

Investigations by the Infocomm Development Authority of Singapore found that 1,560 SingPass accounts belonging to citizens and foreigners might have been “accessed without the users’ permission,” agency officials stated.

The regulators said they were first notified of the breach on 6/2, when SingPass’s operator, CrimsonLogic, reported that some users received a password-reset notification letter despite not requesting for their passwords to be replaced.

The regulators then found “an anomaly” between the number of mobile-phone numbers associated to the affected SingPass accounts, and filed a police report on 6/3.

 “SingPass allows users to perform online transactions with the government, such as filing statements and reviewing records for personal income tax and pensions,” the Journal reports. “The service is available for Singaporean citizens, permanent residents and foreigners performing mainly professional and medium-skilled work.”

Apparently regulators now are considering using a two-factor authentication process for government-related online transactions.

The feature would prevent unauthorized users from accessing an account with only a stolen password.

ThreatWatch is a regularly updated catalog of data breaches successfully striking every sector of the globe, as reported by journalists, researchers and the victims themselves.