SINGAPORE: The personal data of 4,297 people has been compromised after part of the Singapore Red Cross (SRC) website was hacked, according to a statement by the organization on Thursday (May 16).
SRC said it had been notified last Wednesday by its web developer to an event of unauthorized access to the part of its website that supported the recruitment of interested blood donors.
Members of the public can identify their interest in donating blood through the website, and then SRC then makes appointments on their behalf.
"The following information about 4,297 individuals who had registered their interest on the website was compromised: Name, contact number, email, declared blood type, date / time of elective appointment and preferred location for blood donations," SRC, adding that there was no other affected information.
He said that his other databases were not compromised, and that the Health Sciences Authority (HSA) systems were not affected by the incident.
The organization made the police report the same day. He also reported on the incident to the Personal Data Protection Commission and the HSA. Police investigations are ongoing, he added.
A weak server password may have left the website vulnerable, says SRC, adding that investigations to determine how the event occurred were continuing.
"There were measures in place to guard against unauthorized access to the website," he said. "While our investigations to determine the nature of unauthorized access remain, our preliminary findings indicate that a weak server password may have left the website open to unauthorized access."
He said he had disconnected the website from access to the Internet, and replaced it with a temporary web page with links to relevant websites as a precaution.
Only when all the security checks have been completed will the website be restored.
External consultants have been employed to carry out forensic investigations and determine the "exact factors" which allowed unauthorized access, he said.
These findings and recommended measures will be reported to the SRC Council (Board) and the SRC will take the necessary steps to strengthen its security measures, together with the advice of the organisation's IT advisory panel.
“Our immediate priority is to ensure that affected individuals and partners are informed, whilst working with the relevant parties to restore and strengthen our IT systems, protect our data, and mitigate any risks in this area. Benjamin William, Chief Executive of the Chief Executive and Chief Executive, Benjamin William, said the future.
"The SRC has started to contact affected individuals. We apologize to our website users that this event could affect their knowledge."