HomeTeamNS Hit by Ransomware Attack, Employee and Member Data Potentially Exposed
Singapore’s non-profit organization HomeTeamNS disclosed a ransomware attack on February 25, which compromised access to some of its servers. The affected systems were immediately isolated to prevent further spread, and third-party cybersecurity experts were engaged to investigate and remediate the incident.
The breached servers contained employee and ex-employee data, as well as vehicle details of members and affiliate members. While there is currently no evidence of data extraction, HomeTeamNS is closely monitoring the situation. The organization, which supports over 260,000 national servicemen (NSmen) from the Singapore Police Force (SPF) and Singapore Civil Defence Force (SCDF), operates four clubhouses and organizes social activities for its members.
In response, HomeTeamNS reset all administrative account passwords, enhanced security scans, and strengthened firewalls. The incident has been reported to Singapore’s police and the Cyber Security Agency (CSA), with affected individuals already notified and provided assistance to mitigate risks like phishing or unauthorized transactions.
Ransomware remains a persistent global threat, though international law enforcement efforts have slowed its growth—rising 15% in 2024 compared to 77% in 2023, per the US Cyber Threat Intelligence Integration Center (CTIIC). However, new ransomware variants emerged in late 2024, signaling ongoing risks. Many attacks exploit known vulnerabilities and weak security practices, such as default passwords, as seen in Indonesia’s June 2024 PDN-2 breach, which disrupted government services.
In Singapore, SMEs in manufacturing and retail are frequent targets, though unreported incidents may obscure the full scale of the threat. Recent local cases include a 2023 ransomware attack on law firm Shook Lin & Bok, which also involved police and CSA investigations.
Source: https://govinsider.asia/intl-en/article/hometeamns-hit-by-ransomware-attack-on-feb-25
TPRM report: https://www.rankiteo.com/company/htxsg
"id": "htx1765600286",
"linkid": "htxsg",
"type": "Ransomware",
"date": "2/2025",
"severity": "85",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"{'affected_entities': [{'customers_affected': 'Employees, ex-employees, '
'members, and affiliate members',
'industry': 'Public Service / National Service '
'Recognition',
'location': 'Singapore',
'name': 'HomeTeamNS',
'size': 'Large (260,000+ members)',
'type': 'Non-profit organisation'}],
'customer_advisories': 'Affected individuals contacted and provided '
'assistance to protect against phishing or '
'unauthorised transactions',
'data_breach': {'data_encryption': 'Yes (ransomware encryption)',
'data_exfiltration': 'No evidence of data extraction',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'Personally identifiable information '
'(PII)',
'type_of_data_compromised': 'Employee and ex-employee data, '
'vehicle details of members and '
'affiliate members'},
'date_detected': '2024-02-25',
'description': 'Singapore’s non-profit organisation, HomeTeamNS, reported '
'that access to some of their servers was affected by a '
'ransomware attack on February 25. The affected servers were '
'immediately disabled and isolated from the IT network. The '
'servers contained some data of the organisation’s employees '
'and ex-employees, and the vehicle details of some members and '
'affiliate members. Currently, there was no evidence of data '
'extraction from the servers.',
'impact': {'data_compromised': 'Employee and ex-employee data, vehicle '
'details of members and affiliate members',
'identity_theft_risk': 'Potential risk due to exposed data',
'systems_affected': 'Servers'},
'investigation_status': 'Ongoing',
'post_incident_analysis': {'corrective_actions': 'Password changes, enhanced '
'security scans, and '
'firewall improvements'},
'ransomware': {'data_encryption': 'Yes', 'data_exfiltration': 'No evidence'},
'recommendations': 'Better cyber-hygiene, including avoiding default '
'passwords and addressing known vulnerabilities',
'references': [{'source': 'GovInsider', 'url': 'https://govinsider.asia'}],
'regulatory_compliance': {'regulatory_notifications': 'Reported to Cyber '
'Security Agency of '
'Singapore (CSA)'},
'response': {'communication_strategy': 'Affected individuals contacted and '
'provided assistance to protect '
'against phishing or unauthorised '
'transactions',
'containment_measures': 'Affected servers disabled and isolated '
'from the IT network',
'enhanced_monitoring': 'Yes',
'incident_response_plan_activated': 'Yes',
'law_enforcement_notified': 'Yes (Singapore Police and Cyber '
'Security Agency of Singapore)',
'remediation_measures': 'Passwords of all administrative '
'accounts changed, security scans and '
'firewalls enhanced',
'third_party_assistance': 'Engaged third-party cybersecurity '
'experts'},
'title': 'HomeTeamNS Ransomware Attack',
'type': 'Ransomware'}