Sias to discontinue access of membership database to Internet, will launch new website

THE Securities Investors Association of Singapore (Sias) will launch a brand new website in two days and will discontinue any access of its membership database to and from the Internet, it said in an update on Thursday. 

This comes after it revealed on Wednesday that hackers had stolen the personal data of 70,000 members in 2013 without its knowledge. Sias was only informed of the attack on Wednesday morning when the Cyber Security Agency of Singapore (CSA) paid it an unexpected visit.

The names, NRIC and telephone numbers of about 70,000 of its members have been stolen and leaked, it was informed by CSA. Sias then reached out to its members via email on the same day. 

"The membership database ... will be on (a) standalone system," said Sias president and CEO David Gerald in a statement, adding that the system is currently offline and not accessible.

"We are also exploring additional security measures for access to the database. We are currently working with our IT vendor to investigate the breach and work towards securing our system."

According to CSA, the breach could have potentially occurred through access of the database from the Sias membership log-in page from its website. Hackers could have created a code and injected it into Sias' log-in page, which enabled the thieves to steal the information.  

To prevent any further potential breach, it has taken down the current website and started scrubbing the website for any malware before migration of any data. 

Sias, since 2013, has not received any feedback or information from members that the hacking had adversely impacted them, it said. 

Last Friday, SingHealth - Singapore's largest group of healthcare institutions - disclosed that hackers stole the personal particulars of 1.5 million of its patients, including Prime Minister Lee Hsien Loong.