News

Over 3,300 names & NRIC numbers leaked due to Council for Estate Agencies' IT system error

Preliminary investigations indicate that this was an "isolated incident," CEA said.

Khine Zin Htet
clock

January 28, 2025, 01:39 PM

image

Telegram

Whatsapp

A set of data containing 3,320 names and NRIC numbers was sent to 18 unintended recipients on the evening of Jan. 21, 2025 after a technical issue in the information technology (IT) system of the Council for Estate Agencies (CEA)

In response to queries by Mothership, CEA said on Jan 26 that it discovered the issue at 11:21am on Jan 22.

The 3,320 individuals were all those who had previously registered for the March 2024 Real Estate Salesperson or April 2024 Real Estate Agency examinations.

No contact information such as phone numbers or email addresses of the individuals was disclosed.

Isolated incident: CEA

Upon discovery of the data leak, CEA said it took immediate action to disable the affected system function and launched a full investigation to identify the root cause.

Preliminary investigations indicated that this is an "isolated incident arising from a technical issue" in their IT system, it said.

The system has since been secured, and recovery steps have been taken to contain it, it added.

Recipients contacted

CEA said it promptly contacted the 18 unintended recipients of the email as soon as the issue was discovered.

The recipients have since deleted the email and its contents, without forwarding or using the data.

They included property agents, former property agents, and previous exam candidates for the Real Estate Salesperson examination.

Those affected also contacted

On Jan. 24, CEA also wrote to the 3,320 individuals whose data was disclosed to inform them of this incident and their follow-up actions.

These were all individuals who had previously registered for the March 2024 Real Estate Salesperson or April 2024 Real Estate Agency examinations.

They also apologised and provided their contact information, allowing them to reach out to the CEA for further assistance if needed.

Review ongoing

As part of their recovery response, CEA said they are conducting a comprehensive review of their systems and processes with their vendor to prevent a recurrence.

"We will enhance our monitoring capabilities and data security measures so as to prevent any risks of system errors," they said.

"We take data privacy seriously and sincerely apologise for this lapse. We are committed to strengthening our internal processes to ensure the safeguard of privacy and security of data entrusted to us."

Top photo by Mothership

Follow us on Facebook, Instagram, Twitter and Telegram to get the latest updates.

  • image
  • image
  • image
  • image

MORE STORIES

Events