IBM and Singapore Land Authority: Data of 70,000 people compromised in cybersecurity incident involving SLA’s vendor IBM

IBM and Singapore Land Authority: Data of 70,000 people compromised in cybersecurity incident involving SLA’s vendor IBM

Singapore Land Authority Data Breach Exposes Personal Information of 70,000 Individuals

A cybersecurity incident involving the Singapore Land Authority (SLA) and its vendor IBM has compromised the personal data of approximately 70,000 individuals. The breach, disclosed on July 3, stemmed from unauthorized access to a development and testing environment managed by IBM for SLA’s Singapore Titles Automated Registration System (STARS) and eLodgment System (ELS) platforms used by lawyers, government agencies, and authorized users for property transactions.

The compromised dataset, originally created in 1998 for testing purposes and periodically updated, was intended to contain only mock or anonymized data. However, investigations revealed it included real personal information, such as names, NRIC numbers, and past property addresses. SLA confirmed the data should have been anonymized but was not, though the exact cause remains under investigation.

The affected environment was separate from SLA’s operational systems, and the agency assured that live STARS and ELS databases remain secure, with no impact on property ownership or lodgment records. IBM has since revoked access to the compromised system to prevent further unauthorized entry.

SLA has begun notifying affected individuals and is coordinating with IBM, the Government Technology Agency of Singapore (GovTech), and the Cyber Security Agency of Singapore (CSA) to investigate the incident and implement remedial measures. A police report has been filed, and the Personal Data Protection Commission (PDPC) has been notified.

While details on the timing of the breach and when SLA was alerted remain unclear, the agency has acknowledged the incident and apologized for the inconvenience caused. Investigations are ongoing.

Source: https://www.channelnewsasia.com/singapore/ibm-sla-data-breach-70000-people-cybersecurity-6229876

IBM TPRM report: https://www.rankiteo.com/company/ibm-company

Singapore Land Authority TPRM report: https://www.rankiteo.com/company/singapore-land-authority

"id": "sinibm1783067360",
"linkid": "singapore-land-authority, ibm-company",
"type": "Breach",
"date": "7/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': '70,000 individuals',
                        'industry': 'Land and Property Management',
                        'location': 'Singapore',
                        'name': 'Singapore Land Authority (SLA)',
                        'type': 'Government Agency'},
                       {'industry': 'Information Technology and Services',
                        'location': 'Singapore',
                        'name': 'IBM',
                        'type': 'Vendor'}],
 'attack_vector': 'Unauthorized Access',
 'customer_advisories': 'Affected individuals being notified',
 'data_breach': {'number_of_records_exposed': '70,000',
                 'personally_identifiable_information': 'Names, NRIC numbers, '
                                                        'past property '
                                                        'addresses',
                 'sensitivity_of_data': 'High (NRIC numbers, names, property '
                                        'addresses)',
                 'type_of_data_compromised': 'Personal Identifiable '
                                             'Information (PII)'},
 'date_publicly_disclosed': '2024-07-03',
 'description': 'A cybersecurity incident involving the Singapore Land '
                'Authority (SLA) and its vendor IBM has compromised the '
                'personal data of approximately 70,000 individuals. The breach '
                'stemmed from unauthorized access to a development and testing '
                'environment managed by IBM for SLA’s Singapore Titles '
                'Automated Registration System (STARS) and eLodgment System '
                '(ELS) platforms. The compromised dataset included real '
                'personal information such as names, NRIC numbers, and past '
                'property addresses, despite being intended for testing '
                'purposes with mock or anonymized data.',
 'impact': {'brand_reputation_impact': 'Potential reputational damage to SLA '
                                       'and IBM',
            'data_compromised': 'Personal information (names, NRIC numbers, '
                                'past property addresses)',
            'identity_theft_risk': 'High (exposure of NRIC numbers and '
                                   'personal details)',
            'legal_liabilities': 'Potential legal liabilities under PDPA',
            'operational_impact': 'No impact on live STARS and ELS databases '
                                  'or property ownership records',
            'systems_affected': 'Development and testing environment for STARS '
                                'and ELS platforms'},
 'investigation_status': 'Ongoing',
 'post_incident_analysis': {'root_causes': 'Failure to anonymize real personal '
                                           'data in testing environment'},
 'references': [{'date_accessed': '2024-07-03',
                 'source': 'Singapore Land Authority (SLA) Public Disclosure'}],
 'regulatory_compliance': {'regulations_violated': 'Personal Data Protection '
                                                   'Act (PDPA)',
                           'regulatory_notifications': 'Personal Data '
                                                       'Protection Commission '
                                                       '(PDPC) notified'},
 'response': {'communication_strategy': 'Notifying affected individuals, '
                                        'public disclosure',
              'containment_measures': 'Access to the compromised system '
                                      'revoked',
              'law_enforcement_notified': 'Yes (police report filed)',
              'remediation_measures': 'Investigations and remedial measures '
                                      'underway',
              'third_party_assistance': 'Government Technology Agency of '
                                        'Singapore (GovTech), Cyber Security '
                                        'Agency of Singapore (CSA)'},
 'title': 'Singapore Land Authority Data Breach Exposes Personal Information '
          'of 70,000 Individuals',
 'type': 'Data Breach'}
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.