How to manage data breaches

A new guide explains how companies can better deal with online threats to their data

As companies move more of their operations online, the threat of cyberattacks and data breaches has become a growing concern for management teams. To help organisations manage and respond to data breaches more effectively, Singapore’s Personal Data Protection Commission (PDPC) issued a Guide to Managing Data Breaches 2.0 in May this year.

In the updated guide, a data breach is defined as an incident that exposes personal data in an organisation’s possession to the risks of unauthorised access and use. According to the guide, “Data breaches often lead to financial losses and a loss of consumer trust for the organisation”.

As such, it notes that organisations should have in place monitoring measures for early detection and warning for possible breaches, and a data breach management plan for reporting and assessing a data breach.

The guide also sets out the steps that organisations can take in responding to a data breach, which we present below. You can find the full guide here.

Biggest data hacks in Southeast Asia

Cebuana, Philippines

Over 900,000 customers of Philippine-based pawnshop Cebuana Lhuillier were affected by a data breach that was detected in January this year. According to Cebuana, customer information such as date of birth, addresses and sources of income were accessed. The hack involved an email server used for marketing, with unauthorised access starting in August 2018.

SingHealth, Singapore

In 2018, Singapore experienced its largest data breach ever when 1.5 million patients of SingHealth’s specialist outpatient clinics had their personal information stolen. This included names, National Registration Identity Card numbers, addresses, gender and dates of birth.

Ministry of Health, Singapore

Confidential information belonging to 14,200 people diagnosed with HIV was stolen and leaked online in Singapore earlier this year. According to the Ministry of Health, the compromised personal data included names, contact details, HIV test results and other medical information of some 5,400 Singaporeans and 8,800 foreigners dating up to January 2013.

True Corp, Thailand

In March 2018, it was revealed that the identity documents of around 45,000 customers of Thai telco True Corp had been exposed. The 32GB data cache included 45,736 files, consisting mainly of JPG and PDF scans of identity documents including scanned ID cards, driving licences and possibly passports.

Malaysian Communications and Multimedia Commissions, Malaysia

In 2017, more than 46 million mobile subscribers’ data was stolen and leaked online. The information includes mobile numbers, unique phone serial numbers and home addresses.