SINGAPORE - The names and NRIC numbers of more than 3,000 individuals were sent to 18 unintended recipients on Jan 21 due to a “technical issue” in the information technology system of the Council for Estate Agencies (CEA).
In response to The Straits Times’ queries, CEA said on Jan 26 that it discovered the data leak at 11.21am on Jan 22.
The incident resulted in the inadvertent disclosure of a set of data containing 3,320 names and NRIC numbers belonging to those who had previously registered for the March 2024 Real Estate Salesperson or April 2024 Real Estate Agency examinations.
“No contact information such as phone numbers or e-mail addresses were disclosed,” said CEA, the statutory board that regulates and develops the real estate agency industry here.
The agency said it has written to all affected individuals to inform them of the incident and its follow-up actions, and to apologise to them.
It has also contacted the 18 unintended recipients, who are property agents, former property agents, and previous exam candidates for the Real Estate Salesperson examination.
They have since deleted the e-mail and its contents, without forwarding or using the data, the agency said.
CEA added that it immediately disabled the affected system function and launched a probe to identify the root cause.
According to its preliminary investigations, the agency determined the data leak to be an isolated incident.
“The IT system in which the issue occurred has since been secured, and recovery steps have been taken to contain it,” said CEA.
[[nid:713465]]
The agency added that it is reviewing its systems and processes with its vendor to prevent a recurrence.
“We take data privacy seriously and sincerely apologise for this lapse. We are committed to strengthening our internal processes to ensure the safeguard of privacy and security of data entrusted to us,” it said.
CEA added that if affected individuals suspect their personal data may have been misused, they can contact the agency immediately.
“We take impersonation very seriously and will act firmly against any attempts to misuse personal data,” it said.
The Straits Times has contacted the Ministry of Digital Development and Information for comment.
This article was first published in The Straits Times. Permission required for reproduction.
