Singaporean Ministry of Defence suffers security breach, 850 affected

News by Roi Perez

The ministry said the cyber-attack seemed "targeted and carefully planned" and guessed the perpetrators may have wanted "access to official secrets", but this was prevented by the physical separation of I-net kiosks from the rest of the network.

The Singaporean Ministry of Defence (Mindef) has revealed that a security breach earlier in the month resulted in the loss of personal information related to 850 of its employees.  

The ministry identified a breach in its I-net system, a dedicated system of internet kiosks, which are located within the ministry building and used by employees to surf the web and conduct private conversations.

The lost personal information was used to manage user accounts and was stored on I-net. Everyone affected by the breach had been notified and instructed to change their passwords on I-net and other systems if they had used the same passwords to access those services. Data stolen in the breach includes national identification numbers, telephone numbers and dates of birth.

Mindef said the dedicated internet kiosks are located within the ministry building as well as at Singapore Armed Forces camps and premises. However, the I-net system did not contain any classified military information which is stored on a separate system with no connection to the internet.

Mindef said I-net was disconnected once the breach was detected and forensic investigators are assessing the damage. As an added precaution, the ministry said it investigated all other systems within Mindef and the armed forces.

The ministry says it is working with Singapore's cyber-security agency and the government's CIO department to investigate other public sector systems, as precautionary measure.

While investigating, the ministry said the cyber-attack seemed "targeted and carefully planned". 

"The real purpose may have been to gain access to official secrets, but this was prevented by the physical separation of I-net from our internal systems," it said.

The ministry said it would continue to provide internet kiosks as its employees and national servicemen required online access.

The Singapore government hit the headlines last June when it announced plans to remove internet access from all workstations used by employees in the public sector, a network of 100,000 computers.

Government employees instead would have online access only on dedicated terminals or rely on their own personal mobile devices, which would not be connected to government email systems. 


Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews

Interview - Everyone has an Achilles heel: The new security paradigm

How can we defend networks now that the perimeter has all but disappeared?
Brought to you in partnership with ExtraHop