The news was first reported by The Straits Times, the huge trove of data was contained in a database operated by the
People who registered to donate since 1986 in Singapore was exposed because the company left the database unprotected on an Internet for more than two months, since January 4, 2019
“The personal information of more than 800,000 people who have donated or registered to donate blood in Singapore since 1986 was improperly put online by a Health Sciences Authority (HSA) vendor for more than two months, but access to the database was cut off soon after the discovery.” states the article published by The Straits Times.
The Singapore Health Sciences Authority (HSA) was informed of the incident on March 13 by a security expert who discovered the unsecured database on a server exposed online.
The HSA notified the incident to the donors, according to the organizations the SSG was working on a database containing registration data of 808,201 blood donors. Exposed records include name, NRIC, gender, number of blood donations, dates of the last three blood donations, and in some cases, blood type, height,
The database did not contain other sensitive data or other medical info.
The analysis of the log confirmed that only the expert who discovered the archive accessed it in the time frame it remained exposed online, anyway, the investigation is still ongoing.
“Investigations are ongoing. Preliminary findings from
“SSG had placed the information we provided them on an unsecured database in an internet-facing server on 4 Jan 2019 and failed to put in place adequate safeguards to prevent
“We have engaged external
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.