The personal data of 4,297 people has been compromised after a website hack, according to a statement by the Singapore Red Cross (SRC) on May 16. 

Last Wednesday (May 8), SRC said it was alerted by its web developer to an incident of unauthorised access to the part of its website which supports the recruitment of interested blood donors. Information of 4,297 people who registered their interest on the website was compromised. Their names, contact numbers, e-mails, declared blood types, preferred appointment dates and times and preferred locations for blood donations were leaked. 

Investigations to determine the cause of the incident are ongoing but preliminary findings show that a weak administrator password could have left the website vulnerable to the unauthorised access, said SRC.

A police report was made on the same day and the incident was also reported to the Personal Data Protection Commission and Health Sciences Authority (HSA), a statutory board under the Ministry of Health. 

“Our immediate priority is to ensure affected individuals and partners are notified, while working with the relevant parties to restore and strengthen our IT systems, safeguard our data, and mitigate any future risks,” said SRC CEO Benjamin William in a statement.

SRC has temporarily disconnected the website from internet access and replaced it with a temporary webpage until security checks are completed. External consultants have been engaged to conduct a forensic investigation on the hack.

The latest healthcare-related data breach at the SRC comes after a series of similar events in Singapore earlier this year – in January, the confidential information of more than 14,000 HIV-positive individuals were leaked and in March, the HSA reported that the personal information of 800,000 blood donors were left exposed by their vendor.