Singapore
Alleged hack of MLCB and CBS: Sensitive borrower data appears exposed
Hackers claim to have breached records from the Moneylenders Credit Bureau (MLCB) and Credit Bureau (Singapore), obtaining sensitive data from 324,000 MLCB reports. Gutzy reviewed the leaked data and confirmed its authenticity, but agencies have yet to respond to queries.
A hacker group identifying themselves as GhostR has claimed responsibility for a massive data breach involving the Moneylenders Credit Bureau (MLCB) and Credit Bureau (Singapore) Pte Ltd (CBS).
The breach, which allegedly took place on 14 June 2024, has compromised 54.6GB of data, including 324,362 MLCB reports of individuals in Singapore — locals and foreigners.
MLCB serves as a central repository for borrowers’ loan and repayment histories with licensed money lenders in Singapore, and its reports are crucial for assessing creditworthiness and preventing excessive borrowing. It operates under the purview of Singapore’s Ministry of Law (MinLaw).
CBS, a subsidiary of SGX-listed Credit Bureau Asia (CBA), operates the MLCB system under the designation of MinLaw.
GhostR stated in an email to The Online Citizen that they had informed MLCB and CBS about the data compromise on 28 June 2024.
However, according to GhostR, neither organization has responded or negotiated the safety of the sensitive data. In retaliation, GhostR decided to leak the first 10,000 MLCB reports — out of 324,362 — publicly.
The leaked reports contain detailed personal and financial information, including:
- Borrower’s personal information, such as name, ID number, or Unique Entity Number (UEN).
- Loan information, including loan type, tenure, principal loan amount, and total amount payable to the legal money lender.
- Payment and repayment status, listing all outstanding loans and the repayment history of each loan.
- Loan guarantor’s status, reflecting the guarantor or surety’s legal responsibility for any unpaid loans.
Gutzy Asia has reviewed the leaked data and confirmed its authenticity. It is unknown what period the files cover. According to the leaked files, the data goes back to 2021.
Many reports contain individuals submitting applications multiple times to determine the loan amount they qualify for based on their credit balance, employment, and income type.
The exposed data could potentially lead to identity theft, fraud, harassment, and other financial crimes, putting affected individuals at substantial risk.
Gutzy has written to the agencies to verify the hack but has not received any confirmation or denial from them as of the time of publishing this article.
If the hack has indeed occurred, it is unknown what immediate actions have been taken to mitigate the damage to those whose data has been leaked and enhance data protection protocols.
In what seems to be a post-event preventive measure, both MLCB and CBS have restricted access to their websites from foreign IP addresses, blocking features for users accessing from outside Singapore.
One of 10,000 data forms leaked by GhostR.
Notice to Our Readers: Moving Back to The Online Citizen
Construction worker dies in Changi worksite accident; Driver arrested
Consumers Association of Singapore fined S$20,000 for PDPA breaches following two data security incidents
Singapore’s Yip Pin Xiu secures historic three-peat at Paris Paralympics
Jamus Lim on Minister Chee Hong Tat’s remarks on fiscal policy: Calls for genuine debate over rhetoric
Philippine migrant group in SG hosts successful blood donation drive
China’s ex-convict jailed six years in Singapore for S$6.7M crypto scam
Chee Hong Tat’s call for fiscal prudence rings hollow amid contradictory government spending
UN food agency halts operations in Gaza after vehicle shot by Israeli forces
KL City Hall cancels National Day event following sinkhole incident
Swiss court convicts 2 executives for embezzling S$1.8 billion from 1MDB
Tan Suee Chieh: Sacrificing NTUC Income’s values for short-term gains undermines its foundation
-
Politics1 week agoJamus Lim on Minister Chee Hong Tat’s remarks on fiscal policy: Calls for genuine debate over rhetoric
-
Politics2 weeks agoSM Lee: Singaporeans must ‘change attitudes’ as Govt promises ‘bold and necessary changes’
-
Community1 week agoToast Box faces backlash and boycott calls amid price increases
-
Media1 week agoNotice to Our Readers: Moving Back to The Online Citizen
-
Singapore1 week agoSingapore introduces new scheme in April 2025 offering up to S$6,000 in financial support for retrenched workers
-
Politics1 week agoJamus Lim raises concerns over high cost of living and its impact on Singaporeans’ sense of belonging
-
Opinion1 week agoChee Hong Tat’s call for fiscal prudence rings hollow amid contradictory government spending
-
Singapore1 week agoTan Suee Chieh: Sacrificing NTUC Income’s values for short-term gains undermines its foundation
So many breaches but still forcing the population to go digital. We were safe previously but by just adopting systems to follow global trends we are exposing ourselves to identify and monetary theft. This is organised crime. The sooner it is accepted and recognised as a planned theft using technology, only then can correct measures be put in place.
Wow! Such organizations also can be broken into and vast amount of sensitive data stolen and then only made known to public after about 1 month?
Paying a fine is just one thing but the damages to the individuals can last forever. Can people sue MLCB and CBS for not properly securing their sensitive data?
Anyway those credit loan firms sprouting all over town on prime ground floor shops and HDB town centres are just legalized loan sharks.
Minister for Digital Development and Information, and Second Minister for Home Affairs is
Josephine Teo
Competent, Reliable, Forward planning, team player.
Good results..!!
What is the difference?!? Legal money lender given rights by Top to lend money, suppose to do due diligent so that money not loss.
Illegal money lender. You are not appointed by the Overlords or Top but by their Team B or black to lend money. Terms ambiguous, may involved cult or slavery, money loss?!?
Target: Poor and Victims aplenty
Legal moneylender and illegal money lender. Own by Two sides of overlords …
I thought Our SG is a SMART nation?
Why a lot of stuff going downhill?
Who is really in charge of OUR SG these days huh?
Tsk tsk tsk …
Ok ok ok, … we have been enlightened and reminded that even MLCB and CBS are vulnerable and hackable !!!
But but but, … it’s everyday and ordinary peoples details that’s compromised and on display !!!
C’mon c’mon c’mon, … treat us to more salacious and saucy bits on salaries and investment portfolios of local celebrities, … like ministers, second third and fourth ministers, presidents, mayors, exCEO’s of Temasek, governmental carriers, …… .. …… .. …… ..
And getting their Team B ready to take over cos Team A are selling everything … No?!?
MAYBANK Sdn Bhd. is also reported to have it’s data stolen and put on sale on the Dark Web.
Watch out all the 1000s of 1000s of bank users from the cleaner, janitor, to the Fujian friends.
Mind the FULL BALANCES of One’s CPF accounts.
CAN CPF MEMBERS WITHDRAW their ENTIRE CPF monies TO ESCAPE from BEING STOLEN – bcz the PAP Administration is so well KNOWN NOT to take blames and responsibility.
Anyone takes the PAP Administration’s HIJACKED’s Singapore Government to the Peoples Services to TASK?
Hahaha NOW IS A DAMN BLOODY GOOD GOOD GOOD TIME this PAP Administration WASHES it’s hand CLEAN THOROUGHLY. And USEFOOL Voter FOOLS of acting as pseudo People’s Judiciary LEFT BLUR who is RESPONSIBLE.
SG is a Smart Nation – WHICH MILLIONAIRE LIAR from the PAP Cabinet said and proclaimed.