• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar

PRESSLED

Your Leading News Source

PRESSLED
Your Leading News Source

  • Home
  • BUSINESS
  • MONEY
  • POLITICS
  • REAL ESTATE
  • US
  • Meet the Reporters
  • About/Contact

Organisation that oversees Tafep fined $29,000 over data breach, Tech News News & Top Stories

May 14, 2021 by Staff Reporter

The Tripartite Alliance Limited (TAL) has been fined $29,000 after the data of about 20,000 people was accessed by hackers last year.

TAL oversees the Tripartite Alliance for Fair and Progressive Employment Practices (Tafep) and handles employment disputes.

The Personal Data Protection Commission (PDPC) said in a recent decision that TAL had failed to put in place “reasonable security arrangements” to prevent the unauthorised access of its customer relationship management system database.

Hacked data included names, identification numbers, contact numbers, e-mail addresses, age, race, marital status, salaries and compensation amounts.

Business contact details from company representatives, such as an individual’s name, business telephone number or business e-mail address, were affected too.

These records of about 12,000 individuals and 8,000 companies, including company representatives, were provided to Tafep on Feb 14 last year or earlier.

Cyber-security experts have said that such data could be used by cyber criminals to send victims personalised phishing e-mails, allowing them to steal passwords or drop ransomware that locks up digital files until the crooks get paid.

TAL said in a statement that it has been investigating and monitoring the incident in the past year, and there is no evidence that hackers had stolen the data.

But the PDPC noted that the data was not encrypted, which made it vulnerable to exposure.

The commission fined TAL $29,000 based partly on the large number of affected people – 20,000 – and the nature of the compromised data.

“The database contained details of employment-related complaints and disputes,” said PDPC. “Individuals would expect a high level of confidence when they convey such matters to the organisation.”

But in mitigation, it noted that there was no evidence of data theft, and that TAL was upfront and took “prompt remedial actions”.

TAL was set up in 2016 by the tripartite partners – the Ministry of Manpower, National Trades Union Congress and Singapore National Employers Federation.

The organisation promotes fair and progressive employment practices, as well as provides mediation and advice in employment-related disputes.

PDPC said in an April 15 decision that TAL informed the commission on March 3 last year that a server hosting its customer relationship management system was infected with ransomware. TAL said the Tafep system was infected on Feb 14 last year.

TAL uses the system to handle employment-related inquiries, feedback and complaints.

The system was not available to users on Feb 17, but its vendor managed to restore it using a back-up within three hours.

Investigations later found the system was hit by a ransomware attack. But TAL said it has yet to receive any ransom payment demand from the perpetrators.

Security logs showed that hacking attempts were made on the system’s database server between Feb 7 and Feb 14 last year.

TAL claimed that since June 2019, it had included security monitoring services for the customer relationship management system.

“However, there was inadequate process put in place to ensure that the (system’s) vendor proactively monitored the alerts and took actions to block malicious activities in a timely manner,” said PDPC.

TAL said that after the incident, it took steps to prevent the rest of the system from being infected and reset the passwords of all user accounts in the system.

The organisation began to closely monitor the system vendor’s IT services support weekly.

TAL also did a review to strengthen management of all its third-party IT service providers, such as requesting them to conduct cyber-security audits.

It has also decommissioned the affected customer relationship management system.

Anyone with queries about the incident, or suspects his information has been misused by hackers, can contact Tafep at www.tal.sg/tafep/Contact-Us/PD-Form

Originally Appeared On: https://www.straitstimes.com/tech/tech-news/organisation-that-oversees-tafep-fined-29000-over-data-breach

Filed Under: TECH/SCIENCE, Uncategorized

Primary Sidebar

More to See

Why does campfire smoke follow you? The science behind it

With the long weekend upon us, Canadians will likely spend the next few days out at the lake or in their backyards, gathered around a … [Read More...] about Why does campfire smoke follow you? The science behind it

Kotak Securities Announces investment in Fintech Startup Multipl; All You Need to Know

Kotak Securities Limited (KSL) has announced an investment in fintech startup Multipl as part of the company’s $3 million Pre-Series A round of … [Read More...] about Kotak Securities Announces investment in Fintech Startup Multipl; All You Need to Know

Shawnee Pools business staying in the family

SHAWNEE TOWNSHIP — Bob and Connie Sutherland have been in the swimming pool business for 53 years, and it all started from an ad in the … [Read More...] about Shawnee Pools business staying in the family

Privacy Policy | Terms and Conditions | About/ Contact
Copyright © 2022 · PRESSLED · As Amazon Associates we earn commissions from qualifying purchases · Log in

We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept All”, you consent to the use of ALL the cookies. However, you may visit "Cookie Settings" to provide a controlled consent.
Cookie SettingsAccept All
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checkbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT