Seven Organizations Including Singtel Fined For Violation of Data Protection Laws

• So far, the total amount of fine slapped by the Personal Data Protection (PDPC) Act has reached up to S$2.1 million (~$1.5 million) since 2016.
• Singtel is fined for the second time for a data breach that occurred in 2018.

In a series of decisions published by the Personal Data Protection Commission (PDPC), seven organizations have been imposed with a fine of S$66,000 (~$47,400). With the latest penalty, the total amount of fine slapped by the Personal Data Protection Act (PDPC) has reached up to S$2.1 million (~$1.5 million) since 2016.

Which are the significant firms?

The seven penalized firms include the names of the telco company Singtel, the Singapore Press Holdings Magazines, the Royal Caribbean Cruises, and SCAL Academy.

Singtel

This is the second round of fine slapped on the firm after the first fine which included an amount of S$25,000 (~$17,955). In the latest round, the firm has been fined S$9,000 (~$6,464) for another data breach involving its My Singtel mobile app. In 2018, the app had leaked the personal data of some 750 mobile subscribers due to some technical issues when migrating to a new billing system.

In November 2019, Singtel was fined S$25,000 (~$17,955) for a data breach that had exposed billing information of up to 330,000 subscribers.

Singapore Press Holdings Magazines

The amount of penalty slapped on SPH Magazines stands at S$26,000 (~$18,673). The fine is for a breach of the forum site HardwareZone which it operates, hosts and maintains. A hacker had gained access to the system in 2017 by hacking a senior moderator’s account. This allowed the hacker to view 704,764 profiles of other members.

The incident was discovered by the SPH in 2017, though the account was accessed by the intruder way back in 2015.

Royal Caribbean Cruises

The cruise company has been penalized with an amount of S$16,000 (~$11,491) for a ransomware attack on its vendor’s system. This resulted in a breach of personal data of six thousand of its customers. In addition to this, the personal data of some 25 of its employees were also compromised.

SCAL Academy

The Academy has been hit with an S$15,000 (~$10,773) fine for failing to protect the personal data of 3,628 people who had attended its programs. The exposed data included name, race, nationality, date of birth, identity card number, address, and company name of individuals.

Conclusion

Apart from the four companies, PDPC has issued a warning to NTUC Income and AXA Insurances for a breach of the protection obligation due to their respective breaches.