Data belonging to National University Of Singapore Society is on the dark web
The National University Of Singapore Society's website has been hacked. As a result, personal data belonging to 1,355 members has been stolen. The data is now being sold on the dark web. According to a report delivered by NUSS on Monday (Nov 1), the website was hacked early last month.
The Straits Times tried to enquire whether the information stolen had been encrypted or not. The university graduate club however, declined to give further details. It only added that the affected members had their full NRIC numbers stolen.
NUSS responds to claims of personal data of members stolen
Replying to questions whether names of members were stolen, NUSS only responded: "NRIC numbers which match the names of 1,355 members" had been accessed. In an email to affected people, other members also had a combination of other details tempered with.
This included their date of birth, nationality, gender, marital status, e-mail address, work and personal phone numbers. Additionally, work and home addresses, vehicle registration number, university degree details, and membership number were also tempered with. Furthermore, other details potentially stolen included food and beverage orders, restaurant and event registrations. Also, feedback sent through the NUSS website was never spared.
NRIC data or images and even payment card or bank information were not part of the information accessed. According to NUSS, it received alerts on Oct 8 that their data had reached the dark web. Unidentified individual of a dark web forum claimed to be selling information of the society members. The information was obtained from NUSS' website hosted by a third party web hosting provider.
Information according to investigations
According to investigations, the hacker carried out a sophisticated attack on the company's website on dates 6 and 7, Oct. He further downloaded some data stored on the NUSS web server. It's main server however had no interference.
The club therefore resolved to take part of it's website offline until the security scenario is reviewed. The Web Hosting Provider is also to address any security concern before the website resumes full functionality.
NUSS is currently involved in reviewing it's security measures. This is to ensure that something like this doesn't happen again. The case is with the Singapore Personal Data Protection Commission and the police.
Remember, the maximum fine for a data breach is $1 million. Organisations however, can soon be fined more - up to 10% of their annual turnover, or $1 million, whichever is higher. The higher fine is set to take effect at least 12 months from Feb 1 this year.
Do you find this content interesting?
This is just a MIRROR ! Find us via our Main TOR domain
And Let us know by leaving a comment and a rating.
Also, don't forget to follow our Official Telegram Channel to stay informed and safe by Reading NOIRdotNEWS