Personal details of almost 40,000 job seekers leaked online in Singapore

News / Personal details of almost 40,000 job seekers leaked online in Singapore

Personal details of almost 40,000 job seekers leaked online in Singapore

The website for Protemps Employment Services, an employment agency whose office is located in Paya Lebar Singapore, has now been partially restored following a cyber security attack that left its servers swiped and deleted.  

The breach itself upon the Singaporean employment agency occurred on the 4th of October 2021 which resulted in almost 40,000 personal details of those affected to be released online. The majority of the victims are believed to be Singaporean who submitted their job applications to the agency. 

The released personal data of the victims include scans of their identity cards and passports as well phone numbers, salary information, jobs, and home addresses.  

In response to the breach, the employment agency took its website offline until it’s partial restorement on the 21st of October 2021.  

The hackers responsible for the data breach was found to be part of a group named Desorden Group, who were caught online boasting about their criminal activities on hacking forums on the 7th of October 2021.  

The hacker group Desorden is infamous for its repeated targeting of supply chain organisations and the name which is Spanish translates into English as ‘disorder and chaos’.  

The hacker group made a video directed to employment agency stating, “we have 40,000 of your job applicants, along with their personal data and also their identity card or passport images” and that the agency should “think carefully”.   

The video was sent to the agency in conjunction with a ransom note.   

The hacker group then leaked the entire stolen database online, enabling the information to be accessible for just £1.77 (EUR 2.10 or USD 3.30).  

Since the online data breach, the data has been viewed by at least 60 different entities.  

A representative from the Personal Data Commission (PDPC) which is also branch extention from the Infocomm Media Development Authority (IMDA) expressed that they were made aware by Protemps of the data breach and that an investigation into the crime is underway.   

The agency has been contacted by The Strait Times however no comments have been publicly voiced to the news agency.  

As stated previously, the aim behind conducting the data breach was to demand ransom from the employment agency. Typically, when the victims refuse to pay ransom, the pillaged data are sold online on the dark web, in return for large sums of profit.

How secure is

your business?

Security test
How secure is

your business?

Security test