Singapore Red Cross website hacked
Full names, contact numbers and e-mails of over 4,200 people compromised
The personal data of more than 4,200 potential blood donors, including their full names, contact numbers and e-mails, have been compromised following a breach of the Singapore Red Cross (SRC) website.
The "unauthorised access" was discovered on May 8, and while investigations are ongoing, SRC says it may have been because a weak administrator password had been used.
The website gets people to indicate their interest in making a blood donation.
This allows SRC to make an appointment on their behalf with the various blood banks and blood mobiles.
The affected information also included declared blood types, preferred appointment dates and times, and preferred locations for blood donations.
The non-profit organisation said its other databases have not been compromised and no other information was affected.
The Health Sciences Authority's (HSA) systems were also unaffected by this incident.
SRC was alerted to the breach by its web developer on May 8. It lodged a police report the same day.
As a precaution, SRC disconnected the website from internet access and replaced it with a temporary web page with links to relevant websites.
External consultants are also conducting forensic investigations to determine the exact factors that allowed this to happen.
The findings and measures to be taken will be reported to the SRC Council (Board), which governs the Singapore Red Cross.
Mr Benjamin William, SRC's secretary general and chief executive officer, apologised to the website's affected users.
He said: "Our immediate priority is to ensure affected individuals and partners are notified, while working with the relevant parties to restore and strengthen our IT systems, safeguard our data, and mitigate any future risks."
SRC's case is the latest in a string of data breaches affecting health-related organisations.
In March, HSA said that the personal information of more than 800,000 blood donors was left exposed on the Internet for nine weeks after the data was mishandled by its vendor.
In January, the HIV-positive status of 14,200 people - along with confidential information such as their identification numbers and contact details - was leaked online.
In July last year, Singapore suffered its worst cyber attack.
The SingHealth data breach resulted in the stolen data of more than 1.5 million patients, including that of Prime Minister Lee Hsien Loong.