Singapore Data Protection Commission issues 3 undertaking responding to ransomware attacks

October 24, 2024 |

The Personal Data Protection Commission of Singapore issued three undertakings on Orchid Hotel Pte Ltd, Absolute Telecom Pte Ltd and Hiap Seng Engineering Ltd stemming from ransomware attacks involving each of the companies.  The cause of those data breaches were due to insufficient IT security measures.  The attacks affected the personal data of over 690,000 individuals.

The Commission requires affected organisations to implement remediation plans to rectify the immediate breach and address any systemic shortcomings to ensure compliance with the PDPA on a continual basis, such as:

  • Enforce a stricter password policy requiring strong and unique passwords for all accounts
  • Implementing Multi-Factor Authentication (MFA)
  • Engaging a DPE service provider to implement basic data protection and cybersecurity measures
  • Conduct training sessions for employees to raise their awareness on data protection and cybersecurity best practices

Leave a Reply





Verified by MonsterInsights