SINGAPORE, April 5 — Around 30,000 individuals who have used the services of Employment and Employability Institute (e2i) may have had their names, contact details and other personal data exposed following a malware attack on a mailbox belonging to an employee of a third-party vendor last month.

The incident “may have resulted in an unauthorised access” to the employee’s mailbox, which also contains other data such as National Registration Identity Card details, educational qualifications and employment details, e2i said on Monday (April 5).

e2i is the job and training arm of the National Trades Union Congress.

Together with the vendor, i-vic International, e2i said it has followed up with immediate mitigation measures to tighten the security of email and network systems, and will be doing constant checks to monitor for any potential vulnerabilities.

Advertisement

e2i said it is reaching out to the potentially affected individuals through email, SMS or phone calls to inform them about the incident and to provide support on how best to manage the potential risks involved.

“We are alerting the potentially affected individuals to be vigilant on phishing attempts and monitor for any suspicious activities or requests,” said e2i.

Those who receive suspicious email of such nature, or suspect a scam in the works, may wish to file an online report with the Singapore Computer Emergency Response Team or reach out to e2i.

Advertisement

e2i said the incident, in which a malware infected a mailbox belonging to an employee of i-vic International, was brought to its attention on March 12.

Given the complexity of the investigations, e2i said it has taken time to make an impact assessment.

“We have worked with the utmost urgency with the vendor to ascertain the nature and extent of personal data that has been potentially affected,” it said.

e2i chief executive officer Gilbert Tan apologised to its clients for the anxiety the incident has caused.

“The protection of our clients’ personal data is of utmost importance to us,” he said. “Though the malware did not target e2i directly, cybersecurity threats are real and the protection of personal data is of top priority to us.”

He assured the public that e2i’s operations, services and systems remain unaffected, and that jobseekers can continue to seek employment and employability assistance with the organisation. — TODAY