Skip to main content

Advertisement

Advertisement

Laws passed to criminalise use of stolen personal data

SINGAPORE — Laws were passed yesterday to, among other things, make it illegal for individuals and businesses to make use of illicitly obtained personal data — including credit card or bank account information — as several Members of Parliament (MPs) raised concerns about the robustness of firms’ cyber security measures.

A cyber attack which resulted in the theft of the personal data of about 850 national servicemen and Ministry of Defence (Mindef) employees occurred weeks before it was detected on February 1, Second Defence Minister Ong Ye Kung told Parliament on Monday (Apr 3). Photo: Ministry of Defence

A cyber attack which resulted in the theft of the personal data of about 850 national servicemen and Ministry of Defence (Mindef) employees occurred weeks before it was detected on February 1, Second Defence Minister Ong Ye Kung told Parliament on Monday (Apr 3). Photo: Ministry of Defence

Follow TODAY on WhatsApp

SINGAPORE — Laws were passed yesterday to, among other things, make it illegal for individuals and businesses to make use of illicitly obtained personal data — including credit card or bank account information — as several Members of Parliament (MPs) raised concerns about the robustness of firms’ cyber security measures.

The MPs suggested making it mandatory for companies to report cyber attacks, and called for greater support for businesses to beef up their capabilities in dealing with such incidents. More individuals in both the public and private sectors should also be trained in cyber security, they said.

Among the changes, the Computer Misuse and Cybersecurity Act was amended to stipulate that cyber criminals who launch attacks from abroad that cause “serious harm” to Singapore — such as disrupting essential services — will be dealt with. The act of obtaining, making or supplying hacking tools such as physical devices or software was also made illegal.

Prior to the passing of the Bill, Senior Minister of State (Home Affairs) Desmond Lee noted that the laws previously prosecuted culprits who illegally obtained personal data. However, “there may be other ‘middlemen’ individuals, who may trade in such personal information, but who are not directly involved in the hacking or cheating offences”, Mr Lee said. For example, criminals may run a website buying and selling hacked credit card information online. He stressed that it would not be an offence if people use such information for legitimate purposes, or did not have cause to believe it was obtained through illegal means.

Nominated Member of Parliament (NMP) Thomas Chua called on businesses to be vigilant and “to avoid being made use of unwittingly”.

Calling for more training to be made available to businesses, he said: “In the area of cyber usage and security, government agencies have already accumulated a wealth of experience. In comparison, businesses’ risk awareness and digital capability (are) obviously lacking. But in the cyber world, enterprises can also become the target of cyber attacks.”

Agreeing, fellow NMP K Thanaletchimi added: “How well are these companies protected? Do these companies see the importance of it and invest adequately in cyber security? Will there be support and assistance for companies in instituting a holistic approach to protecting their cyber security system from cyber crime?”

She also asked if key infrastructure operators such as those in the energy, finance and transport sectors would be required to report cyber breaches when they occur.

In response, Mr Lee noted that the Cybersecurity Bill, which is expected to be tabled later this year, will ensure that owners and operators of “critical information infrastructure” take proactive steps to secure their systems and networks, and report incidents.

Meanwhile, the Government has been running an awareness campaign which brings the public and private sectors together to promote the adoption of essential cyber security practices. The Singapore Computer Emergency Response Team also provides advisory to businesses to pre-empt and prevent cyber attacks, he said.

By the third quarter of this year, businesses will be able to get in-person help at the new SME Digital Tech Hub, which will provide technical advice to small and medium enterprises with more advanced digital needs, including cyber security, Mr Lee added.

Read more of the latest in

Advertisement

Advertisement

Stay in the know. Anytime. Anywhere.

Subscribe to get daily news updates, insights and must reads delivered straight to your inbox.

By clicking subscribe, I agree for my personal data to be used to send me TODAY newsletters, promotional offers and for research and analysis.