Personal data of 4,000 people from SAM website leaked online

[StarshipTroopers]

Updated: 11/20/2013 17:26 | By Channel NewsAsia

Personal data of 4,000 people from SAM website leaked online

SINGAPORE: The Singapore Art Museum (SAM) said the contact information of some 4,000 people kept in a data file on its website have been illegally published and uploaded to an overseas server in New Zealand.

In a statement issued on Wednesday, SAM said the Infocomm Development Authority of Singapore (IDA) alerted it of the situation on November 5, 2013.

A group has claimed online to have released the contact details of over 3,600 people from a Singapore website, though it did not specify the site.

Upon receiving IDA’s alert, SAM said it immediately removed the data file from its website and filed a police report.

IDA also notified the administrator of the overseas website, and the webpage with the data file was taken down from that site within two hours.

The incident has not been classified as online hacking, but TODAY understands that the police are not ruling out that possibility.

The information in the data file, which included names, email addresses, phone numbers and in some instances, nationalities, had been compiled from individuals who had previously taken part in the museum's events in 2011 and 2013.

SAM said it could not disclose the data leakage to the public earlier as the agencies needed time to verify and establish the extent of the incident.

The museum said investigations are ongoing.

It has reviewed and removed all data that is not required on its website, and conducted back-end scans to harden the systems where possible.

SAM also said it has contacted each of the affected individuals to inform them of the illegally published information, and to apologise.

Rosa Daniel, deputy secretary (Culture) at the Ministry of Culture, Community and Youth (MCCY), said: "What this incident has of course pointed to, is the need for us to be constantly vigilant and to take strong measures to safeguard our information.

“The Singapore Art Museum is doing what it can now to enhance its systems and its processes. And what we want to do now is really to focus on the affected subscribers.

“We have alerted them, we have reached out to all 4,000 of the affected subscribers, and we have our system in place for them to contact us, whether it's via email of whether it's by phone, and we are also prepared for those who need to see us to be there to address their interests."

Dr Susie Lingham, director of SAM, said: "We take this matter very seriously. Together with our parent ministry MCCY and the relevant authorities, we are doing everything possible to track down how this happened and prevent any similar future compromise of personal data."

It is understood that additional safeguards are being put in place, such as managing sensitive data internally, and more regular vulnerability scanning of servers and applications. - CNA/TODAY/nd