Third Party Vendor Responsible for Online Availability of Singapore Blood Donor Database


Who: Secur Solutions Group / HSA / Singapore National Blood Bank

When: 13 March 2019

# of records involved: 800,000 Blood Donors

What happened: The personal information of more than 800,000 people who have donated or registered to donate blood in Singapore since 1986 was improperly put online by a Health Sciences Authority (HSA) vendor.

How did it happen: Secur Solutions Group, a third-party vendor to the Health Sciences Authority (HSA), allowed access to an improperly secured online database. Access to the database was cut off soon after the discovery.

Outcome: The HSA said its preliminary findings indicate that there was only one instance of external access – by a cybersecurity expert who discovered the vulnerability on Tuesday (March 12) and alerted the Personal Data Protection Commission to it a day later. They immediately took steps to verify that no sensitive medical or contact information was contained in the database. The confidentiality of our donors’ information given to us is our utmost priority and we really hope our donors will continue to trust in us to do the right thing. We have engaged external cybersecurity professionals, KPMG in Singapore, and initiated a thorough review of our IT systems. We are working closely with HSA and other authorities in continuing investigations and a police report was filed.