Making news

Singapore Red Cross website hacked, details of 4,000 blood donors leaked

More than 4,000 potential blood donors of Singapore have had their personal information leaked after part of the Singapore Red Cross (SRC)’s website was hacked on May 8.

According to the SRC, this is the latest of a string of data breach incidents affecting health-related organisations in Singapore.
The part of the SRC website affected was the section that recruits people interested in donating blood, it said in a statement on May 16.

The SRC said information of 4,297 individuals who had registered their interest on the website was compromised. Their names, contact numbers, e-mail addresses, declared blood types, preferred appointment dates and times and preferred locations for blood donations were leaked.

The organisation made a police report on the same day and police are investigating the incident.
The organisation has also reported the incident to the Personal Data Protection Commission and the Health Sciences Authority (HSA).

Chief executive officer of the SRC Benjamin William said the organisation has started to contact affected individuals.

Preliminary findings from the SRC's investigations show that a weak administrator password could have left the website vulnerable to unauthorised access.

As one of the world's leading digitized countries, Singapore has become the target of many cyber attacks recently. In July 2018, in the most serious consequences of cyber attack in the Southeast Asian nation, hackers targeted the government's data system and stole information of 1.5 million Singaporeans, including Prime Minister Lee Hsien Loong.

The formal investigation of the case pointed out many shortcomings, including poor computer systems and weak human resources training.