Seven arrested over unauthorised address changes using ICA online service
The seven suspects are believed to be responsible for at least 30 such cases.
The Immigration and Checkpoints Authority (ICA) Building in Singapore. (File photo: ICA)
This audio is generated by an AI tool.
SINGAPORE: Seven people have been arrested in connection with a series of unauthorised attempts to change registered residential addresses through an Immigration & Checkpoints Authority's (ICA) e-service, the police said on Tuesday (Jan 14).
The arrests come after ICA revealed on Jan 11 that perpetrators were exploiting stolen or compromised Singpass accounts to fraudulently alter the addresses of unsuspecting victims.
More than 60 officers from the Criminal Investigation Department and Police Intelligence Department were involved in island-wide operations between Jan 11 and Jan 13 to conduct the arrests.
The seven suspects - six men and one woman aged between 19 and 32 - are believed to be responsible for at least 30 cases of attempted unauthorised address changes.
Six of them are being investigated for potentially violating the Computer Misuse Act 1993, facing charges of unlawful disclosure of access codes. One suspect is facing potential charges under the same act for unlawfully disclosing a Singpass password or access code.
Some of the suspects are also being investigated by ICA for alleged breaches of Regulation 20(a) of the National Registration Regulations.
The offences carry jail sentences of up to three years, fines, or both.
SERVICE PARTIALLY RESTORED
In a separate news release, ICA said it has resumed the electronic change of address (eCOA) service for the "Myself" module, with additional security measures in place. The "Myself and my family members" and "Others" modules remain suspended.
Those accessing the “Myself” module will now be required to additionally perform face verification when logging in using their Singpass account.
As of Monday, investigations have uncovered 87 attempts to change residential addresses, with 69 changes successfully executed, said ICA.
Of the 69 changes, the perpetrators had gained control of 17 Singpass accounts. After the suspension of the electronic service, ICA said it tried to contact the 87 affected individuals to inform them of the attempted change to their registered address, while house visits were made to those who were uncontactable by phone.
"For all the 87 cases, regardless of whether the attempt to change their address was successful, ICA is facilitating a replacement of their identity card, and restoring their registered address in our database to their legitimate one," said ICA.
"The Singpass accounts linked to all the 87 cases have been reset or suspended."
ICA said it is also working with GovTech to help the 17 users of the compromised Singpass accounts.
"In this regard, the Police and GovTech have been contacting relevant government agencies and private sector services (for example, banks and telcos) which the perpetrators might have accessed using the compromised Singpass accounts, to ensure that appropriate remedial or preventive actions are taken," said the authority.
ICA's investigations began in September last year after receiving reports from members of the public who encountered unauthorised changes to their residential addresses.
By last December, ICA’s investigations showed that the perpetrators had used stolen or compromised Singpass accounts to change the residential addresses of the victims through the "Others" option - which allows the change of address by a proxy.
Investigations to identify the other perpetrators are still ongoing, said the police.
ICA advised the public to check their registered address on its website to ensure it is correct, with any inaccuracies to be reported via FormSG.
"We thank members of the public for their understanding and patience while we work to put in place additional security measures for the eCOA service," said ICA.
