Red Cross website hacked in latest Singapore cyber attack

The Singapore Red Cross said Thursday its website had been hacked and the personal data of more than 4,000 potential blood donors compromised in the latest cyber attack on the city-state.

Singapore, one of the world's most digitally advanced countries, has been the target of multiple high-profile hacks in recent times, including the theft last year of 1.5 million citizens' health records.

In the latest attack, Singapore Red Cross (SRC) said personal details, including names, blood types, and contact numbers of 4,297 potential blood donors were compromised after an unauthorised access to a section of its website on May 8.

SRC reported the breach to the authorities on the same day and police have launched an investigation, a statement said.

"SRC takes this incident seriously," the organisation said, adding that "external consultants" are helping in the probe.

Preliminary findings showed that a "weak administrator password" may have made the site vulnerable.

SRC Secretary General Benjamin William said the organisation was contacting individuals affected by the breach.

Last July, the city-state's biggest ever data breach saw hackers gain access to a government database and make off with the records of 1.5 million Singaporeans including Prime Minister Lee Hsien Loong.

An official inquiry highlighted a litany of failings, including weaknesses in computer systems, and inadequate staff training and resources. Authorities believe a state was likely behind that attack.

Singapore in January announced that confidential information of 14,200 people diagnosed with the virus that causes AIDS had been dumped online, with most of those affected foreigners.

Authorities accused Mikhy Farrera Brochez, an HIV-positive American who was jailed in the city-state and deported in 2018, of leaking the data after obtaining it from his Singaporean doctor partner.

In March, the Health Sciences Authority said the personal data of 800,000 people who have donated or registered to donate blood in Singapore since 1986 were improperly put online for more than two months.

Cybersecurity experts have pointed out that health data is particularly vulnerable because it can be used to blackmail people in positions of power.

Scott Robertson, vice president of Asia Pacific and Japan for cybersecurity firm Zscaler, said the Red Cross breach "underscores that cybersecurity is a business problem that has to be supported by technology".