Stop use of NRIC numbers for authentication, agencies urge private sector: MDDI
This comes on the back of government efforts, since January, to ensure the proper use of NRIC numbers in the private sector to better protect citizens, the Ministry of Digital Development and Information (MDDI) said in a statement on the same day.
'NRIC numbers should not be used to prove that a person is who he claims to be for the purposes of trying to gain access to services or information meant only for that person,' the MDDI statement said.
'It is unsafe for organisations to use NRIC numbers in this manner because a person's NRIC number may be known to others, permitting anyone who knows his NRIC number to impersonate him and easily access his personal data or records,' the MDDI statement added.
The ministry noted that some private sector organisations currently require individuals to use their NRICs as passwords to access information intended solely for them, such as insurance documents.
Organisations that use full or partial NRIC numbers for authentication should transition away from this practice as soon as possible, it said.
This includes not setting NRIC numbers as default passwords and not using full or partial NRIC numbers with other easily obtainable personal data.
'If it is necessary to authenticate a person, organisations should consider alternative methods, for example requiring the person to use strong passwords, a security token or fingerprint identification,' the MDDI statement said.
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Business Times
2 days ago
- Business Times
Tech and innovation committee to boost AI adoption among firms and workers
[SINGAPORE] The recently formed committee on tech and innovation under the government's new Economic Strategy Review will look at how to help more companies adopt artificial intelligence (AI) and enable more people to gain fluency in the technology. Speaking to reporters after touring PwC Singapore's AI hub on Monday (Aug 11), Minister for Digital Development and Information (MDDI) Josephine Teo said sustained economic growth is not a given, 'so we will have to find ways to strengthen our economic strategies to be relevant to the current times'. This led to the creation of the economic strategy review , with one of its key pillars being the committee on tech and innovation, she added. A key area the committee will examine is how AI adoption can be broadened and deepened. This means looking at the number of companies that will adopt the technology meaningfully, and the number of people that will become meaningful AI practitioners in their business domains, said Teo. The committee is co-chaired by Minister of State for Digital Development and Information and Education Jasmin Lau and Senior Parliamentary Secretary for Culture, Community and Youth and Sustainability and the Environment Goh Hanyan. Goh, also present at the tour of PwC's AI hub, said in response to media queries on small and medium-sized enterprises' (SME) adoption of AI that 'we are currently at the process of meeting with new companies' to understand what they are facing on the ground and what they want to be supported by. BT in your inbox Start and end each day with the latest news stories and analyses delivered straight to your inbox. Sign Up Sign Up 'It's incumbent for us to listen to the voices of businesses and even workers from companies big and small, to ensure that the whole economy benefits and is uplifted by this technology,' she added. The committee aims to address different companies' pain points and figure out how to support them in AI adoption. Companies with more resources can develop in-house solutions, but the question for smaller businesses is the way of improving access to pre-approved solutions, Goh noted. Acquiring AI skills to stay relevant Responding to The Business Times' question on how the committee intends to help SMEs overcome tight budgets and other practical challenges in adopting AI, she said that it is 'too early to tell' since the committee just started on formal consultations. 'Sometimes the best solutions may not come from the government. It's about learning from each other, learning from experts, and drawing the links,' she noted. In response to a question on AI replacing jobs, Goh said the committee will prepare workers to not get replaced and move into sectors that will benefit from the technology. 'We want to see how most employees can be equipped with AI relevant skills so that they can continue to play a part in the workforce of the future', said Teo, adding that this will be a very important part of the economic strategy review's work. She noted that workers who are acquiring AI skills will have a better chance of succeeding, compared to those who are not so ready. Wide-scale adoption of AI also ties in with MDDI's work related to Smart Nation 2.0 and National AI Strategy 2.0, she said. PwC launches new AI hub As part of the committee's work in engaging with companies on their AI Centres of Excellence, Teo and Goh toured PwC's AI hub, where they saw live demonstrations of the technology improving various business functions. The hub was launched on May 21 , with the PwC network aiming to commit US$4 million over a three-year period. In a written response to BT queries, AI hub leader of PwC Singapore Anthony Dias said that the hub aims to develop and scale AI capabilities, foster strategic alliances and help organisations build practical applications. 'Over the past year, PwC has worked with organisations worldwide to scale AI use cases across industries such as finance, healthcare, logistics, legal and the public sector,' he said. The hub's number of employees grew from four at inception to 15 at its official launch in May. 'We are now looking to expand the team to 20 employees by the end of the fiscal year,' noted Dias. While the hub's employees currently comprise AI researchers and data scientists, he said that PwC is exploring opportunities to include product managers, solution architects, business analysts and domain experts in areas such as tax, legal and sustainability. The hub is also supported by the Economic Development Board.
CNA
01-08-2025
- CNA
147,000 customer records affected following data breach at Cycle & Carriage
SINGAPORE: A breach at Cycle & Carriage's database has affected about 147,000 records containing customer information, the car distributor said on Friday (Aug 1). In response to CNA's queries, a spokesperson from Cycle & Carriage said that it was alerted on Jul 14 to "unauthorised access" into its customer relationship management system by a threat actor who downloaded some customer information. "About 147,000 data records are affected. Most of the downloaded records have missing or partial information," added the spokesperson. The affected data records may contain names and contact information - such as email addresses and phone numbers - with about 2 per cent of them containing National Registration Identity Card (NRIC) numbers and deposit amounts. No banking or credit card information was divulged, the spokesperson said. "Once we became aware of the incident, we have taken measures to prevent further unauthorised access to the system. "A thorough investigation was carried out and forensic experts were activated to look into the possible causes of this unauthorised access," the spokesperson added. Apologising to affected customers, Cycle & Carriage said that the company has internal processes, protocols, and training in place to support data governance and cyber hygiene, but will continue to "review and refine these as needed" in light of the incident. The firm has lodged a police report and notified the Personal Data Protection Commission (PDPC). It has also begun to inform affected customers in batches from Wednesday. In an email sent to a customer on Thursday, which CNA has seen, the firm referred to a "cybersecurity incident" and added that it was still investigating the full scope of the breach. Customers were advised to be cautious of phishing activities or suspicious requests for personal information.
AsiaOne
25-07-2025
- AsiaOne
1,300 names, addresses of traffic offenders published online; police investigating, Singapore News
SINGAPORE – The police are investigating after the names and addresses of around 1,300 traffic rule offenders were published online, after police printing vendor Toppan Next Tech's (TNT) systems were compromised in a ransomware attack. The personal information of the traffic violators were found to have been published online on July 18, said the police and Cyber Security Agency of Singapore (CSA) on July 24, although the leak is believed to have been from an attack months earlier. TNT had received data from the Traffic Police, including the names, addresses, NRIC numbers and traffic violation details of motorists for the purpose of printing and mailing information to the offenders. Only names and addresses, believed to be from Traffic Police records, were found published online, said the police, with no indication the other data has been circulated. The data was believed to have been compromised during an earlier attack on the systems of TNT. The Traffic Police's systems were not breached, the police added. The printer was the target of a ransomware attack on April 1 that had affected two of its banking clients – DBS Bank and the Bank of China's Singapore branch – and compromised the data of over 11,000 of the banks' customers. TNT reported the attack to the Personal Data Protection Commission on the evening of April 6. Both the CSA and the police are helping TNT to strengthen its cyber-security measures. TNT was also a printing vendor for the Elections Department, and was engaged to print poll cards and ballot papers for the recent 2025 General Election. The police said they will notify the affected people individually, and urged those affected to monitor their personal accounts for suspicious activities. Those who notice unusual activity can report their observations to the police hotline on 1800-255-0000 or [[nid:716497]] This article was first published in The Straits Times . Permission required for reproduction.
