
Singapore’s Ministry of Law confirms data breach of borrower data

On Thursday, Singapore’s Ministry of Law confirmed a data breach affecting 12 licensed moneylenders, compromising data of 128,000 clients. The data was leaked on a popular hacking forum in retaliation for non-negotiation with the hackers involved.


On Thursday, the Singapore Ministry of Law (MinLaw) confirmed a data breach involving borrower data of 12 licensed moneylenders (LMLs) who had engaged Ezynetic Pte Ltd (Ezynetic), a third-party IT vendor.

This confirmation follows a report by hackers identifying themselves as GhostR, who claimed responsibility for the breach involving data managed by the Moneylenders Credit Bureau (MLCB) and Credit Bureau (Singapore) Pte Ltd (CBS).

MLCB serves as a central repository for borrowers’ loan and repayment histories with licensed money lenders in Singapore, and its reports are crucial for assessing creditworthiness and preventing excessive borrowing. CBS, a subsidiary of SGX-listed Credit Bureau Asia (CBA), operates the MLCB system.

GhostR stated in an email that they had informed MLCB and CBS about the data compromise on 28 June 2024.

However, according to GhostR, both organizations failed to respond or negotiate the safety of the sensitive data. In retaliation, GhostR decided to publicly leak the first 10,000 MLCB reports on a popular hacking forum.

The breach, which allegedly took place on 14 June 2024, has compromised 54.6GB of data, including 324,362 MLCB reports of individuals in Singapore.

The leaked reports contain detailed personal and financial information, including:

  • Borrower’s personal information, such as name, ID number, or Unique Entity Number (UEN).
  • Loan information, including loan type, tenure, principal loan amount, and total amount payable to the legal money lender.
  • Payment and repayment status, listing all outstanding loans and the repayment history of each loan.
  • Loan guarantor’s status, reflecting the guarantor or surety’s legal responsibility for any unpaid loans.

Gutzy reached out to MLCB and CBS for confirmation and a response to the breach but did not receive any replies.

In what seems to be a post-event preventive measure, both MLCB and CBS have restricted access to their websites from foreign IP addresses, blocking features for users accessing from outside Singapore.

The exposed data could potentially lead to identity theft, fraud, and other financial crimes, putting affected individuals at substantial risk.

In a press release on Thursday, MinLaw provided details about the breach, confirming that Ezynetic’s system was accessed by a malicious actor, compromising the personally identifiable information of an estimated 128,000 clients of the 12 LMLs.

The 12 LMLs whose data was compromised are:

  1. Ban King Credit (S) Pte Ltd,
  2. Credit 21 Pte Ltd,
  3. Lending Bee Pte Ltd,
  4. Katong Credit Pte Ltd,
  5. Credit Thirty3 Pte Ltd,
  6. GS Credit Pte Ltd,
  7. 1AP Capital Pte Ltd,
  8. Creditmaster Pte Ltd,
  9. BST Credit Pte Ltd,
  10. U Credit (Pte) Ltd,
  11. Horison Credit Pte Ltd, and
  12. Credit Matters Pte Ltd

The data of the remaining 8 LMLs who use Ezynetic’s services was not affected, said the ministry.

MinLaw emphasized that Ezynetic’s system is not hosted on or linked to the Government’s network.

“The 12 LMLs and Ezynetic have made reports to the Police, the Cyber Security Agency of Singapore (CSA), and the Personal Data Protection Commission (PDPC). The LMLs have also begun notifying their borrowers of the breach and have reminded them to stay vigilant against possible phishing scams.”

As a containment measure, CBS has restricted access to the MLCB platform for all 20 LMLs served by Ezynetic.

“MLCB’s online functions remain fully available to the other 133 LMLs in Singapore. Borrowers with queries may reach out to their respective LMLs for more information.”

MinLaw, as the regulator of LMLs, takes a serious view of the data breach and stressed that the LMLs have a duty to protect any information in their possession or control, including information residing on their third-party vendor systems.

“MinLaw is investigating the matter with CSA and PDPC. MinLaw is also in close contact with CBS to support affected LMLs’ business recovery efforts.”

14 Comments

Why confirm now? Was there an intention to hide from the public until a time that it couldn’t be hidden any longer?

It must be based on their intentnational standard.

VTO. VTO.

“EZYNETIC PTE. LTD. is a Singapore EXEMPT PRIVATE COMPANY LIMITED BY SHARES. The company was incorporated on 15 Jun 2021. The address of the Business’s registered office is 100 PECK SEAH STREET, #08-14, PS100, Singapore 079333. The Business current operating status is Live Company. The Business’s principal activity is DEVELOPMENT OF SOFTWARE AND APPLICATIONS (EXCEPT GAMES AND CYBERSECURITY). (eg PROVIDE ALL-ROUNDED IT SOLUTIONS NETWORK, SOFTWARE AND HARDWARE). The Business’s secondary activity is INFORMATION TECHNOLOGY CONSULTANCY (EXCEPT CYBERSECURITY). (eg PROVIDE IT CONSULTANCY FOR FINANCIAL SERVICES). The company’s paid-up capital is SGD 1. The company UEN is 202120973C, registered with ACRA on…

Ah, would there be fine for data security breach? MLCB or CBS? Or the blame goes to the 3rd party vendor?

CSA and PDPC, please update us how much FINES you going to award MLCB, CBS and Ezynetic.

Both the hackers and the ‘authorities’ are the winner when data leaks!

Has been widely known many CECA citizens in I T fields working in SG are moonlighting. Some even rob and slain their own employers with their own Company set ups with overseas partners to slice off their bosses businesses.

What BIG CLOWNS is this PAP Administration.

So many inside jobs and yet blame on this blame on that, software glitches is the most common PATENTED PAP Blame.

Smart Nation so vulnerable? Ridiculous lying. Trick Singaporeans into complacency, trick Singaporeans into BELIEVING PAP Administration a BUNCH of Talents – Big L JIAO to all PAP Bastards.

Follow Khaw Boon Wan’s SUGGESTION all Line Up One by one JUMP DOWN from MBS Skypoolside. Do U all have GUTS?

Got GUTS to pay Ownself Millions ROBBED from SG Reserves – BUT NO GUTS to jump.

How can this happen when we have the world’s highest paid security guard watching over, where are the pit vipers, black mambas all disappeared & gone for summer mating season????

Where are the pit vipers & black mambas guarding systems, gone “fornicating” summer is mating season???

Aiya, they already borrow from legal ah long. Why they care about privacy anyway.
It just looks bad on our Cybersecurity Police Departments. Ahh Pui!!! Useless Coders & Security Team. But Salary A1 Division 1. With Bonus.

I have predicted that this is going to keep on happening. You cannot use technology developed by foreigners. The technology used must be developed by ourselves. Next our Banks may be robbed digitally.

Let’s think of national interests – what’s this PAP’s strategic thinking and planning for Singapore. Or seems clearly PAP has NO BLOODY DEEP interest for Singapore actually for decades.

Funny, they WILLINGLY THROW 100s of 1,000,000s of $ on Foreigners giving FOC University scholarships. Why wasn’t this HUGE money spent on own locals on I T courses?

And WORST, ALL PAP MPs claimed to speak for voters, rep their INTERESTS, BUT NONE has THOUGHTS for our people – to give I T Edn to our PROMISING young people.

Is there a need for physical attack against Sheegapore. I think SAF can be disbanded.

National Service in the SAF can be terminated – since quite a large number of people in SG also don’t need to be conscripted, esp politically related.

One would think this 2 hacks is only an introduction to more severe and widespread hacks?

Strange this PAP Administration has been concentrating State Funds and State Resources to ONLY BULLY and Fight locals instead of focusing on many other more pressing national issues and problems.

Smart Nation. No. No. No.

It’s Very very very smart nation – triple smart.

Vivian is fully idiotic wrong. Trying to lie to Sheeps.
