Over 3,000 names & NRIC numbers leaked due to CEA system error, investigations ongoing

CEA IT system glitch exposes names & NRIC numbers of more than 3,000 individuals

A “technical issue” in the Council for Estate Agencies’ (CEA) IT system caused the names and NRIC numbers of 3,320 individuals to be accidentally leaked to 18 unintended recipients on 21 Jan.

CEA, the statutory board overseeing the real estate agency industry, discovered the data leak at 11.21am on 22 Jan and took immediate action, a spokesperson told MS News.

The exposed dataset included names and NRIC numbers of individuals who had registered for the March 2024 Real Estate Salesperson or April 2024 Real Estate Agency exams.

CEA nric

For illustration purposes only

However, no contact details, such as phone numbers or email addresses, were disclosed.

Unintended recipients delete emails without sharing or using data

On 24 Jan, CEA issued an apology to all 3,320 affected individuals, notifying them about the incident, providing follow-up actions, and offering support.

It also contacted the 18 unintended recipients — comprising property agents, former property agents, and past candidates of the Real Estate Salesperson exam — urging them to delete the email and its contents.

The recipients confirmed they had done so without sharing or using the data.

CEA disables affected system function

CEA promptly disabled the affected system function and initiated an investigation to identify the root cause of the data leak.

Initial investigations revealed that the incident was an isolated case caused by a technical issue.

The agency confirmed that it has secured the IT system involved in the breach and implemented recovery measures.

A comprehensive review of its systems and processes is also underway, in collaboration with its vendor, to prevent future occurrences.

“We take data privacy seriously and sincerely apologise for this lapse,” the CEA spokesperson said. “We are committed to strengthening our internal processes to ensure the safeguard of privacy and security of data entrusted to us.”

The Ministry of Digital Development and Information (MDDI) also told MS News that, in line with the public sector data incident management framework, CEA has taken immediate steps to address the issue.

CEA is also conducting a comprehensive review of its systems and processes, the spokesperson added.

Also read: ‘It bothers me’: 80% of people polled not comfortable with unmasking NRIC number

Have news you must share? Get in touch with us via email at news@mustsharenews.com.

Featured image by TheSmartLocal, for illustration purposes only.

  • More From Author