AIA Singapore apologises for bug exposing agents' personal data
share on
Approximately 200 current agents, former agents and their family members' personal information on AIA Singapore's web portals was publicly accessible last week.In a statement to Marketing, an AIA spokesperson said that the incident was first brought to light of a system issue on 27 February. The insurance company's information security team located the source of this information and the page was immediately taken down. The spokesperson added that at the moment, the information has only been accessed by the individual who notified about the issue. AIA is currently in the process of contacting affected individuals, and that it has taken the necessary steps to ensure all information is protected."As an additional safety measure, we have also been working with an independent consulting firm to run a comprehensive check of the system. We have informed and are providing authorities regular updates as we conduct the review," the spokesperson said. Calling it an isolated incident, the spokesperson said that the company is committed to taking actions to ensure that it does not happen again."We apologise for any anxiety that this may have caused our agents, ex-agents and their next of kin. AIA Singapore takes our responsibility to protect our agents’ and customers’ data privacy very seriously. We have information security frameworks in place in accordance with leading industry standards and remain vigilant to all potential cyber security risks," the spokesperson said.According to the The Straits Times article, the portal contained information of current AIA agents, former agents and their family members. Details such as names, NRIC numbers, genders, date of birth and contact numbers could be found. In an emailed statement to Marketing, Personal Data Protection Commission (PDPC) said that it is aware of the incident and is looking into the matter.The breach comes shortly after the Singapore government revealed earlier this year that confidential information of approximately 14,200 individuals diagnosed with HIV was illegally disclosed online. MOH shared, in a press statement, that 14,200 individuals diagnosed with HIV up to January 2013, and 2,400 of their contacts, is in the possession of an unauthorised person. Singapore also encountered its biggest breach last year in July when over 1.5 million patient personal particulars and outpatient dispensed medicines in SingHealth database was infiltrated.The rise of cyber incidentsAccording to corporate investigations and risk consulting firm, Kroll, it reported that over 2,000 reports of cyber attacks within the last year can be attributed to human error, compared to 292 cases that were deliberate cyber incidents. With cyber incidents at an all-time high and perpetrators seeming to develop new methods of attack virtually every day, the report said that there is also a corresponding rise in perceived vulnerability among respondents.About half or more of respondents said that their companies are highly or somewhat vulnerable to cyber attacks. In today’s digitised and globalised markets, the value and vulnerability of information has made it among the most difficult of assets to protect.Majority of the respondents said that companies have begun implementing employee-focused mitigation actions, in lieu of the recent cyber attacks. This includes employee restrictions on installing software (89%) and employee cyber security training (83%). Incident response plans (IRPs) also lead the list, with 80% of respondents indicating their company already has an IRP in place.In addition, respondents also said that they expect companies to implement intrusion detection systems that are device-based (57%), endpoint threat monitoring (55%), and intrusion detection systems that are networked based (54%). Cyber security is rapidly becoming a board governance mandate as the likelihood of an incident grows along with increasing regulatory pressures and costly reputational risks associated with data privacy. While only 46% of respondents currently involve the board of directors in cyber security policies and procedures, another 40% plan to do so in the next 12 months.
share on
Follow us on our Telegram channel for the latest updates in the marketing and advertising scene.
Follow
Free newsletter
Get the daily lowdown on Asia's top marketing stories.
We break down the big and messy topics of the day so you're updated on the most important developments in Asia's marketing development – for free.
subscribe now open in new window