Singapore's MINDEF suffers I-net data breach, 850 credentials stolen
Singapore’s Ministry of Defence (MINDEF) has publicly revealed the details of a breach in its I-net system, which happened earlier this month.
Hackers stole the contact details of around 850 servicemen and employees, in what MINDEF calls a targeted and carefully planned attack.
The I-net system provides dedicated computer terminals and internet access in MINDEF and Singapore Armed Forces (SAF) bases, who can use it for personal communications or web surfing.
I-net does not store classified military information, however users are required to provide NRIC numbers, phone numbers and dates of birth in order to manage their own accounts. These are stored on I-net, and were stolen during the hack.
MINDEF says that as soon as it discovered the hack, the affected server was disconnected from I-net. It then immediately conducted a forensic examination to analyse the extent of the breach.
MINDEF suspects hackers may have been trying to get access to official secrets, but the separation between I-net and its other computer systems prevented access.
All employees affected by the breach are being contacted about their stolen data this week. They are being urged to change their I-net passwords and passwords for any systems that use the stolen data.
Employees who see any unusual activity related to the use of their personal information should also notify MINDEF/SAF.
MINDEF and SAF use different computer systems for classified information, with what it says are ‘more stringent security features’ and no internet connection. Despite no detected breach in these systems, they are also being investigated.
MINDEF says it will continue to provide access for employees in camps despite the breach. It has also notified the Cyber Security Agency and the Government Technology Agency of Singapore to investigate other government systems.
“We will continually strengthen our cyber defences as the level of targeted attacks is expected to continue and rise,” the statement says. MINDEF apologises for harm and inconvenience caused by the breach.