Contact Contact Us

800,000 Blood Donor's Data Exposed Online for Two Months

Singapore's Health Sciences Authority (HSA) has apologised to some 800,000 blood donors after a third-party vendor, who was handling data update, left a database unsecured without a password since 4 January. The exposed database, containing personally identifiable information of blood donors since 1986, was hosted on an internet-facing server and accessible through a database client. A security researcher based overseas who stumbled upon the unsecured databased notified Singapore’s Personal Data Protection Commission and the affected server was quickly secured within the hour. Initial investigation indicated that no other external access, besides the foreign researcher who discovered the leak, was recorded and the incident has no impact on HSA's centralised blood bank system.

[1] 800,000 Blood Donors' Data Put Online by HSA Vendor

Ensign InfoSecurity Singapore
30A Kallang Place
Singapore 339213

Tel: +65 6788 2882
Fax: +65 6788 3883