Job-Matching Service Data Compromised by a Security Breach

The personal details belonging to 30,000 individuals based in Singapore may have been illegally accessed after a security breach targeted a third-party vendor of a job-matching organization called Employment and Employability Institute. The leaked data included names, identification numbers, contact information, educational qualifications, and employment history.

The e2i purpose is to bring together and connect employers and workers by offering various services like job-matching, skills training, and career guidance. The institute started off as an intiative of the National Trades Union Congress (NTUC), the country’s trade union confederation that comprises, amongst others, 59 unions and five associations.

The police, Personal Data Protection Commission (PDPC), and Cyber Security Agency’s Singapore Computer Emergency Response Team were notified of the breach.

E2i urged those affected by the data breach to be vigilant regarding any suspicious activities or requests, as well as to any phishing attempts and any suspicious activities or requests, whilst keeping in mind that the scammer could have unauthorized access to personal data and may contact them by pretending to be from e2i.

It seems that the users affected by the breach have participated in events organized by e2i or used the institute’s services between November 2018 and 12 March 2021.

They accessed job fairs, employability workshops, or career coaching, therefore their personal data were shared with appointed vendors for “relevant employability services purposes”.

The breach was announced after three weeks as e2i declared on Monday that it had “taken time” to make an impact assessment given the “complexity” of investigations.

Your perimeter network is vulnerable to sophisticated attacks.

Heimdal™ Threat Prevention
– Network

Is the next-generation network protection and response
solution that will keep your systems safe.

• No need to deploy it on your endpoints;
• Protects any entry point into the organization, including BYODs;
• Stops even hidden threats using AI and your network traffic log;
• Complete DNS, HTTP and HTTPs protection, HIPS and HIDS;

It seems that a malware had infected the email account of an employee at the third-party vendor, this being the first step towards the unauthorized access in the mailbox, in which was found the personal data of the affected 30,000 individuals, which were notified of the breach via email, SMS, or phone.

E2i worked with the third-party provider in order to determine the extent and nature of the data breach and deployed “mitigation measures” meant to strengthen the security of the email and network systems, whilst also saying that “constant checks” would be carried out on both systems to identify any further potential vulnerabilities.

Although the malware did not target at e2i directly, cybersecurity threats are real and the protection of personal data is of top priority to us.

Source

This is the latest incident in which a third-party sufferers a breach that has the potential to impact local organizations, compromising sensitive personal data.