Personal data of over 3,300 individuals leaked after IT 'technical issue' at regulator for property agents
The leaked information, comprising 3,320 names and NRIC numbers, was sent to 18 unintended recipients on Jan 21, said the Council for Estate Agencies (CEA).
This audio is generated by an AI tool.
SINGAPORE: A "technical issue" with the IT system used by the Council for Estate Agencies (CEA) has resulted in the data leak of personal data belonging to more than 3,300 individuals.
A spokesperson for the industry regulator told CNA on Sunday (Jan 26) the technical issue with its IT system was discovered at about 11.21am on Jan 22.
The leaked information, comprising 3,320 names and National Registration Identity Card (NRIC) numbers, was sent to 18 unintended recipients the night before, CEA said.
All of the data belonged to "individuals who had previously registered for the March 2024 real estate salesperson or April 2024 real estate agency examinations", it added.
No contact information such as phone numbers or email addresses were disclosed, CEA stressed. The incident was first reported by Chinese-language newspaper Lianhe Zaobao.
CEA said it took immediate action to disable the affected system function and launched a full investigation to identify the root cause.
"Preliminary investigations indicate that this is an isolated incident arising from a technical issue in our IT system," it added.
"The system has since been secured and recovery steps have been taken to contain it."
CEA said that it had contacted the 18 recipients as soon as the issue was reported.
Current and former property agents, as well as previous candidates for the real estate salesperson examination were among the individuals who had received the "unintended" email.
The 18 recipients deleted the email and its contents "without forwarding or using the data", according to CEA.
AFFECTED INDIVIDUALS NOTIFIED
On the incident, CEA notified the 3,320 individuals, whose data was disclosed, two times on Jan 24 - at 4.51pm and 4.55pm.
The council said it had also apologised for the data leak and informed those affected of its follow-up actions.
CEA said it is conducting a "comprehensive" review of its systems and processes with its vendor to prevent a recurrence as part of its recovery response.
It will also enhance its monitoring capabilities and data security measures to prevent any risks of system errors.
CEA reiterated that it takes data privacy seriously and it is committed to strengthening its internal processes to "ensure the safeguard of privacy and security of data entrusted to us".
