A Group Called The Knowns Hacked Into K Box’s Database.
At 4 am on 16th September 2014, a collective called The Knowns hacked into K Box’s database, leaking contact details of its 317,000 customers. The list includes each customer’s phone numbers, email addresses, dates of birth, NRIC numbers, and even their marital status.
These details were emailed to various media outlets, including MediaCorp.
Channel News Asia was able to verify the identity of several members, who stated that her details were accurate. Those who were affected expressed concern for their privacy. Some wondered if internet trolls would exploit this information to their own ends.
“K Box should have taken appropriate measures to prevent this,” said banker Delia Koh, admitting that the incident was “scary.”
Why The Knowns Did It
The hackers said that this was in response to “the recent increase in toll at Woodlands,” and stated that it was “an unnecessary financial burden on working Malaysians.”
“We had [sic] done it before and we will do it again,” they said.
This incident comes after M1’s security breach, which is undergoing investigation by the Personal Data Protection Commission (PDPC) of Singapore. The PDPC is also investigating is investigating this incident.
“Under the Personal Data Protection Act, organisations are required to make reasonable security arrangements to protect personal data in their possession or under their control in order to prevent unauthorised access, collection, use or similar risks,” said a PDPC spokesperson.
K Box Apologizes
There was an outpouring of support from their fans:
What Happens Next?
Privacy concerns are now becoming more prevalent in Singapore—apart from these two incidents, which happened this week, more than 1,500 SingPass accounts were breached in June this year. The personal details of 4,000 individuals’ saved on the Singapore Art Museum’s website were revealed on an overseas website.
Although many people may agree that K Box should have added more security measures, the solution isn’t to blame the victim, but rather, figure out how to minimise the damage done. In a better world, we would teach people not to hack, but sadly, disgruntled people with computer know-how will spare no thought for the privacy of people.