Link to SAF soldiers’ IC numbers, photos posted on Facebook


Darryl Lo

Published: 4:00 AM, March 16, 2017

I refer to the report “Mindef hit by targeted cyber attack” (March 1). While online users may — at an individual level — be vigilant and try to safeguard their personal data by using different passwords for different accounts and changing their passwords every three months, organisations that do not strive to protect personal data ought to be heavily penalised.

Recently, I stumbled upon what looks to be a massive data breach by the Ministry of Defence. On March 11, at around 10pm, the Singapore Armed Forces Basic Military Training Centre (SAF BMTC) published a series of photos of graduating recruits from the January 2017 batch on its Facebook page. In posting those photos, it also shared a document link on Google Drive that displayed the identity-card numbers of the recent graduates, together with their photos.

The link was taken down on March 12.

Such personal data should not be made public. Essentially, hackers do not even have to break into any system to get such data since it was freely shared. The BMTC team responsible for publishing the personal data should be reprimanded.

Until now, no public official has addressed this leak, and I would like to know how much of the data was made public and retrieved by outsiders.

This is a lesson to be learnt.