Data of 70,000 people compromised in cybersecurity incident involving SLA’s vendor IBM
Data of 70,000 people compromised in cybersecurity incident involving SLA’s vendor IBM
https://www.channelnewsasia.com/singapore/ibm-sla-data-breach-70000-people-cybersecurity-6229876
Publish Date: 2026-07-03 23:53:00
Source Domain: www.channelnewsasia.com
Using an unordered list, summarize the following article with between 4 and 8 key points. SINGAPORE: Personal data of about 70,000 people was compromised following a cybersecurity incident involving the Singapore Land Authority (SLA) and a cloud environment managed by its vendor IBM.In a media release on Friday (Jul 3), SLA said the incident involved unauthorised access to a data set created for vendor development and testing.IBM manages the development and systems-integration testing environment for the Singapore Titles Automated Registration System (STARS) and eLodgment System (ELS). The web-based system allows lawyers, government agencies and authorised individuals to submit documents relating to property transfers and caveats.In response to CNA’s queries, SLA said IBM first notified it on Jun 12 of a “security incident” involving the IBM-managed cloud environment.
The company subsequently informed SLA on Jun 15 that there may have been unauthorised access to personal information.SLA said it then immediately examined the affected data set. Preliminary investigations showed that the compromised dataset, created in 1998 for testing purposes and updated periodically over the years, was intended to contain only mock and anonymised data based on property ownership and lodgment records.However, it was found to contain real information such as names, NRIC numbers and past property addresses of about 70,000 people.”This information should have been anonymised but was not,” SLA said. “Investigations are ongoing to determine how this occurred.””As the data set was created in 1998, the majority of the addresses are not the current place of residence of the affected individuals,” it added.The affected environment managed by IBM is separate from SLA’s operational systems.“There is no connection or compromise to the live systems used for operations of STARS, ELS or any other SLA systems,” the agency said. “Property ownership and lodgment records in STARS and ELS remain secure and unaffected.”IBM has since revoked access to the affected system to prevent further unauthorised entry.As a precaution, SLA has begun notifying affected individuals and advising them on steps they can take for assistance.The authority said it aims to notify all affected individuals by the end of next week.“SLA is working closely with IBM, the Government Technology Agency of Singapore and the Cyber Security Agency of Singapore to investigate the incident, establish the full facts and ensure that the necessary remedial measures are taken,” the authority said.It has also lodged a police report and notified the Personal Data Protection Commission. The police said investigations are ongoing.“As investigations are ongoing, we advise members of the public to remain vigilant against phishing emails, phishing websites, text messages or telephone calls from parties claiming to represent government agencies or other organisations,” SLA said, apologising for the concern and inconvenience caused.In response to queries from CNA, an IBM spokesperson said the company was working in partnership with SLA in the investigation into the matter.”As this investigation is ongoing, we will not be able to provide any additional details at this time,” the spokesperson said.