fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

10 most notable data breach cases in 2021

data breach cases in 2021

The year is about to end, and there’s a lot for us to look back and set as a reminder for us not to do again. As the PDPC strictly monitors data breaches and related endeavors, organizations must make sure that they are kept abreast with the recent decisions and undertaking of the PDPC as these form part of the laws and regulations set in the PDPA.

Before we proceed with a new leaf as 2022 comes along, let’s look back at the 10 most notable data breach cases in 2021 based on the severity of the financial penalty imposed by the PDPC and the number of personal data affected by it.


Also Read: PDPA compliance for real estate agencies

10 most notable data breach cases in 2021

10 most notable data breach cases in 2021, a looking back!

1) Breach of the Protection Obligation by Commeasure

In this case, Commeasure was made to pay a whopping S$74,000 for failing to put in place reasonable security arrangements to prevent the unauthorized access and exfiltration of customers’ personal data hosted in a cloud database. This accident affected 6 million customer records. This is the biggest data breach incident in the history of the PDPA.

(2) Breach of the Protection, Accountability, and Retention Limitation Obligations by Stylez

A financial penalty of S$37,500 was made to pay to Stylez for failing to put in place reasonable security arrangements to protect the personal data of its customers and cease retaining data when the purpose of collection no longer exists. As a result, the personal data of its customers was publicly exposed. A direction was also issued to Stylez to develop and implement internal data protection policies and practices to comply with the PDPA. This is the 2nd highest financial penalty this year, plus Stylez contravened several provisions in the PDPA: Protection, Accountability, and Retention Limitation Obligations

(3) Breach of the Protection Obligation by HMI Institute of Health Sciences

This is the 3rd highest penalty by the PDPC for this year. In this case, a financial penalty of S$35,000 was made to pay to HMI Institute of Health Sciences for failing to put in place reasonable security arrangements to protect personal data stored in its server. This resulted in the data being subjected to a ransomware attack. HMI Institute of Health Sciences is a training institute in the healthcare industry. This case highlights the fact that training institutions must also adhere to the PDPA provisions.

Notable data breach cases for 2021

(4) Breach of the Protection and Accountability Obligation by Jigyasa

In this case, directions and a financial penalty of $30,000 were awarded to Jigyasa for many contraventions. First, it failed to put in place reasonable measures to protect employee assessments reports on its website. Second, it did not appoint a DPO. Lastly, it did not have written policies and practices necessary to ensure its compliance with the PDPA. This is the 4th highest penalty by the PDPC for this year.

(5) Breach of the Protection Obligation by Tripartite Alliance

A financial penalty of S$29,000 was awarded to Tripartite Alliance for failing to put in place reasonable security arrangements to prevent the unauthorized access of approximately 20,000 individuals’ and companies’ data stored in its customer relationship system database. This is the 5th highest financial penalty this year, and it affected a staggering 20,000 individuals’ and companies’ data.

(6) Breach of the Protection and Accountability Obligation by Webcada

A financial penalty of S$25,000 was awarded to Webcada for breaches of the PDPA. First, the organization failed to put in place reasonable measures to protect personal data on its database servers. Second, it did not have written policies and practices necessary to ensure its compliance with the PDPA. This is the 6th highest financial penalty this year.

10 Data breach cases in 2021 notable enough for recognition

(7) Breach of the Protection Obligation by SAP Asia

For the 7th notable data breach case in 2021, a financial penalty of S$13,500 was awarded to SAP Asia for failing to put in place reasonable security arrangements to protect the personal data of its former employees. This resulted in an unauthorized disclosure of the personal data of unintended recipients. This breach was due to an employee’s carelessness, giving us an idea that regardless of whether it was due to negligence by an employee, the organization is still liable if there’s a breach of data. 

(8) Breach of the Protection Obligation by ChampionTutor

In this case, a financial penalty of S$10,000 was awarded to ChampionTutor, a tuition agency, for failing to put in place reasonable security arrangements to protect personal data in its possession. The incident resulted in the personal data being exposed. This is the 8th highest financial penalty this year, and this is the organization’s second data breach in a span of 2 years only.

(9) Breach of the Protection Obligation by the Future of Cooking

This case involves Future of Cooking and was made to pay a financial penalty of S$9,000 for failing to put in place reasonable security arrangements to prevent unauthorized disclosure of its customers’ personal data on its website. This is the 9th highest financial penalty this year, plus an example of how a lapse in proper security arrangements can lead to a data breach.

(10) No Breach of the Protection Obligation by Giordano

Lastly, this case is notable because it serves as a landmark case of how an organization can be spared from financial penalty even after contravention of the PDPA. Giordano was found not in breach of the PDPA in relation to an unauthorized network entry and ransomware infection that affected two of its systems storing personal data.

Also Read: PDPA Compliance for the Telecommunication Sector

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us