The Singapore Red Cross (SRC) is the latest victim of a cybersecurity breach, which compromised the personal data of more than 4,000 potential blood donors.
The breach was discovered by SRC's web developer, who alerted the organisation to unauthorised access to its database, which was used to store information on donors who had expressed interest in donating blood.
According to a report by Channel NewsAsia, SRC said:
“The following information of 4,297 individuals who had registered their interest on the website was compromised: Name, contact number, email, declared blood type, preferred appointment date/time and preferred location for blood donations.”
SRC stressed that no other information or database was affected by the security breach.
Investigations are currently ongoing but SRC suspects that a weak password could be the probable cause of the hack.
SRC has started contacting the affected individuals and has apologised to all users for the incident.
Currently, the main Singapore Red Cross website has been taken offline, leaving a temporary page with the essential links for public access.
Commenting on data breaches in Singapore, Aaron Bugal, Global Solutions Engineer at Sophos, said:
“While Singapore has upheld its exceptional reputation for cyber safety, there’s no predicting the magnitude of cyberattacks – especially in the healthcare sector. As this breach is very similar to last year’s SingHealth Data breach, where thousands of identities were stolen, it only makes clear that healthcare data is extremely attractive to cybercriminals as it is lucrative for cyberthieves to sell the data on the black market. These situations of data breaches only emphasize that everyone is at risk of getting their data stolen and sold on the dark web.
While it is almost impossible to protect all your data all the time, the best way to do so is to be vigilant and never be complacent by thinking that you’ll never be the victim of a data breach incident. Regardless of whether this most recent attack was carried out by a cybercrime gang or was a state-sponsored attack, you won’t get your personal data back, and it won’t change the fact that you can’t control who gets it next.
The best thing for you to do is to maintain a vigilant review of your online accounts and keep your eyes open for any attempt to abuse your personal data in the future.”