SINGAPORE - The Ministry of Defence (Mindef) said on Tuesday (Feb 28) that the personal information of some National Servicemen (NSFs) and ministry employees were stolen after a "targeted and carefully planned" attack on one of its computer systems.
Here are three things to know about what happened:
1. Who and what is affected?
Mindef said that it detected a breach in its I-net system, which provides Internet access to NSFs and Mindef staff, earlier in February.
Following investigations, it was discovered that the basic personal data of about 850 NSFs and staff were stolen. This includes their NRIC numbers, telephone numbers and dates of birth. This information is required for I-net account management, according to Mindef.
2. Was classified information stolen?
No. Mindef said that the real purpose of the breach may have been to gain access to official secrets.
The Mindef statement said: "But this was prevented by the physical separation of I-net from our internal systems."
Classified military information is not stored on the I-net systems, and instead use a different computer system with more stringent security features.
3. What action was/will be taken?
According to Mindef, the affected server was disconnected from the I-net system once the breach was deteced, and detailed forensic investigations on the entire system was immediately conducted to determine the extent of the breach.
Other computer systems within Mindef and the Singapore Armed Forces (SAF) are also being investigated as a precaution.
Investigations are still ongoing, but all affected personnel will be contacted within the week.
Mindef said: "They will be informed that personal data had been stolen and to change their passwords for other systems if these use any of the stolen information. They have also been advised to report any unusual activity related to the use of their personal information."
Mindef also clarified that Internet access will continue to be provided to servicemen in spite of this incident.
"We will continually strengthen our cyber defences as the level of targeted attacks is expected to continue and rise," it said.
Mindef added that the Cyber Security Agency and the Government Technology Agency of Singapore have also been informed of the breach to investigate other Government systems. No breaches have been detected so far.