State Courts’ criminal case management system accessed without authorisation, files not tampered with

SINGAPORE — In the first such incident of its kind, more than 200 case files belonging to the State Courts have been accessed without authorisation due to a system loophole.  

However, they were not tampered with, nor was this a hacking incident, said the State Courts.

In a media release on Wednesday (Nov 28), the State Courts said it was alerted to a “possible vulnerability” in its Integrated Criminal Case Filing and Management System (ICMS) on Nov 1.

The ICMS is used to manage cases for the conduct of criminal proceedings.

After investigations, it was revealed that 223 cases files had been accessed by up to nine persons without authorisation, over the course of this year.

Responding to TODAY’s queries, a State Courts spokesperson stressed that this was “not a hacking incident”.

“We do not currently have reason to believe that the unauthorised access activities were coordinated,” the spokesperson added.

“Immediate steps were taken to fix the vulnerability. The e-case files had not been tampered with, and the integrity of ongoing proceedings were not affected.”

The ICMS has an accused person access portal that can only be accessed by this group, provided that individual has a valid account, and through SingPass authentication.

“Preliminary findings show that the accused persons in question had exploited a loophole in the ICMS system which allowed them to view court documents in other e-case files,” added the State Courts.

Of the case files accessed, a large majority — some 89 per cent of them — were concluded cases. The remaining 11 per cent were ongoing cases.

Data accessed included names, addresses, personal identity information, offence information, as well as case outcomes.

As of Nov 9, the State Courts and their system vendor had beefed up security measures for the ICMS system.

The State Courts spokesperson said that once the cause was identified, the loophole was patched within 12 hours.

This is the first time that the State Courts has encountered such an incident.

“We have conducted a review and this vulnerability is not found in our other online case filing management systems,” the spokesperson told TODAY.

Police investigations are ongoing.