Potential data breach after travel agency employee loses hard disk
Disk contains names, mailing addresses and NRIC details of more than 200 clients
The authorities are investigating a potential data breach after a travel agency employee lost a hard disk containing personal details of clients.
The employee of Insight Vacations had taken the disk out of the office without authorisation and lost it in a taxi on the way home.
The disk, which has not been recovered, contains the names, mailing addresses and NRIC details of more than 200 clients, as well as the names, mailing addresses and mobile numbers of more than 5,000 people on the agency's mailing lists.
The incident came to light only after the agency recently conducted an internal review of best practices for data protection.
A spokesman for Insight Vacations told The New Paper yesterday the employee was reprimanded and has since resigned.
"We immediately reported the incident to the relevant authorities after we discovered the accidental loss as we felt it was important to take a proactive approach to alerting those affected on the risks of someone misusing their mobile number or mailing address," she said.
"We value the importance of our guests' privacy and, as a company, regularly review policies regarding customer data privacy."
She said there had been no indication that any personal data had been accessed or used inappropriately, but the company wanted to be accountable to its clients and the public.
"Insight Vacations and our parent company, The Travel Corporation, take security of customer data seriously and regret that this incident has happened," she said.
"We have extensive policies and procedures governing the security of customers' personal information, including the use of portable data storage devices, and are conducting a thorough review of potentially affected records and taking measures to further improve our data security going forward."
Insight Vacations said it will be engaging third-party experts on data privacy and system security, and is implementing mandatory training for employees provided by a global data security training provider.
A spokesman for the Personal Data Protection Commission said it is investigating after it was notified of the incident.
Insight Vacations e-mailed its clients and people on its mailing lists yesterday to inform them that it was actively monitoring for indications of information being leaked.
The e-mail also assured them that it had taken the necessary steps and are committed to protecting the information.
The recipients were advised to take precautionary steps to avoid falling victim to fraudulent activities.
Mr Steven Wong, 63, an office manager who received the e-mail, said he had provided his details when he took part in a contest by Insight Vacations.
"I actually found it amusing that someone left the hard disk in a taxi," he said.
Singapore had its most serious data breach in June when the personal data of 1.5 million SingHealth patients was compromised. Noting this and other breaches, Mr Wong said the public should know by now to be more alert of scams.
He said: "I don't know the extent of this new potential breach, but people should always be on the alert of identity theft and scams."