According to a press release, the Ministry of Defence (MINDEF) detected a breach in its I-net system (I-net) earlier this month.
National servicemen and employees can access the internet for their personal communications or surfing the Internet using dedicated I-net computer terminals in MINDEF and Singapore Armed Forces (SAF) camps and premises.
Classified military information is not stored in the I-net system. Classified materials in MINDEF/SAF are stored on a different computer system, which is not connected to the internet and has more stringent security features.
However, NRIC (National Registration Identity Card) numbers, telephone numbers and dates of birth, which are required for I-net account management, are stored on I-net. Investigations revealed that basic personal data, comprising NRIC numbers, telephone numbers, and dates of birth of around 850 servicemen and employees were stolen from I-net. Accrding to a report on Channel News Asia, the ministry clarified that no passwords were lost.
Investigations are still ongoing. On detecting the breach, MINDEF disconnected the affected server from I-net. Immediate and detailed forensic investigations were conducted on the entire I-net system to determine the extent of the breach. Though no breach had been detected, all other computer systems within MINDEF/SAF are also being investigated as a precautionary measure.
MINDEF has informed the Cyber Security Agency and the Government Technology Agency of Singapore to investigate other Government systems but no breaches have been detected till now.
The release stated that all affected personnel will be contacted and informed within the week that their personal data had been stolen. They will be advised to change any passwords for other systems, which use any of the stolen information and to report any unusual activity related to the use of their personal information to MINDEF/SAF. MINDEF/SAF will continue to provide internet access to service considering the requirements of national servicemen and employees.
The purpose of the target cyberattack might have been to steal official secrets, but the physical separation of I-net from the internal systems prevented access to classified information.
Read the press release here.