Close to 4,300 persons who signed up to donate blood through the Singapore Red Cross had their personal data leaked last week, after the non-profit organisation’s website was hacked.
Exposed were their names, contact numbers, e-mail addresses, declared blood types, preferred appointment dates and times and preferred locations for blood donations, according to The Straits Times.
The Red Cross Society has since disconnected its website from the Internet and put up a temporary webpage to link to various other online sites, such as its Facebook page.
The non-profit organisation said yesterday that it would only have the site back online after it was sure that security was no longer an issue, according to media reports.
No other information was affected, it told the media yesterday, while apologising to those affected for the data leak.
The cyber security incident, made known yesterday, is the latest to hit Singapore after a series of data leaks suffered by various healthcare organisations in the past year.
In January this year, news came that 14,200 HIV patients had their personal details exposed. Then in March, the Health Sciences Authority said the data of more than 800,000 blood donors had been leaked after it was placed on an unsecured server.
Earlier, in July last year, the country had faced its largest data breach when it emerged that 1.5 million people had their information stolen from the SingHealth healthcare group.
Like the other earlier incidents, it appears that the Singapore Red Cross’ data leak could be prevented. Preliminary investigations so far reveal that the unauthorised access could be down to a weak administrator password.
The non-profit organisaton only found out about the leak last week, after its website developer alerted it to unauthorised access to parts of the website.
CORRECTION at 17/05/2019 11:47pm: An earlier version of the story carried a headline stating that there were more than 4,300 people affected by the data leak. This is incorrect. Close to 4,300 were affected. We are sorry for the error.