Personal data of 70,000 people compromised after cybersecurity incident involving SLA vendor IBM

Names and NRIC numbers are part of affected data set

Shikhar Gupta
Published Fri, Jul 3, 2026 · 02:49 PM
    • IBM is the vendor appointed to support and maintain SLA’s Singapore Titles Automated Registration System and eLodgment System.
    • IBM is the vendor appointed to support and maintain SLA’s Singapore Titles Automated Registration System and eLodgment System. PHOTO: REUTERS

    [SINGAPORE] The Singapore Land Authority (SLA) has disclosed that a cloud environment managed by IT software giant IBM was affected by a cybersecurity incident involving unauthorised access.

    IBM, the vendor appointed to support and maintain SLA’s Singapore Titles Automated Registration System (Stars) and eLodgment System (ELS), managed the development and systems-integration testing environment for Stars and ELS.

    “Preliminary investigations indicate that there was unauthorised access to a data set created for the sole purpose of vendor development and testing,” said SLA on Friday (Jul 3).

    The data set, created in 1998 and updated periodically afterwards, was intended to contain only mock and anonymised testing data based on property ownership and lodgment records.

    SLA said it has now found that it also contained the names, NRIC numbers and then-property addresses of an estimated 70,000 individuals.

    “This information should have been anonymised, but was not,” noted SLA.

    Asean Intelligence

    Get insights into businesses across South-east Asia

    Get the free report

    IBM, the Government Technology Agency of Singapore and the Cyber Security Agency of Singapore are working with SLA to investigate the incident. A police report has also been lodged and the Personal Data Protection Commission has been notified.

    “The affected environment managed by the vendor is distinct and separate from SLA’s operational systems,” said SLA. “There is no connection or compromise to the live systems used for operations of Stars, ELS or any other SLA systems.”

    IBM has also revoked access associated with the affected development and testing environment to prevent any other unauthorised access.

    As a precautionary measure, SLA has identified the individuals whose information was contained in the affected data set and has begun notifying them and advising them on how they can seek further information and assistance.

    Decoding Asia newsletter: your guide to navigating Asia in a new global order. Sign up here to get Decoding Asia newsletter. Delivered to your inbox. Free.

    Copyright SPH Media. All rights reserved.