AIA Singapore is taking action after the discovery of a potential data breach in which the personal information of 225 of its current and former agents, as well as their family members, was found to be publicly accessible.
The insurer is currently running a check on all its systems after it became aware of the issue last week, the Straits Times reported. Singapore’s Personal Data Protection Commission is also investigating the matter.
On Wednesday last week, a member of the public accessed an online portal, which contained names, birthdates, national ID numbers, and contact numbers of 225 individuals, including current and former AIA agents, and their family members as young as two years old. The person informed AIA, which then took down the webpages.
“Our information security team located the source of this information and the site was immediately taken down,” a spokesman for AIA told the Straits Times. “At this point in time, we believe the information was accessed only by the individual that notified us about it.
“AIA Singapore takes our responsibility to protect our agents’ and customers’ data privacy very seriously. We are running a comprehensive check of all our systems as an additional safety measure.”
However, the insurer did not disclose other information about the portal, such as its purpose, date of creation, and how long it could have been accessed by the public.
Singapore’s Personal Data Protection Act requires organisations to implement reasonable security measures to safeguard all personal data in their possession or management, and protect the data from unauthorised access or use. Entities that violate the law can be fined up to SG$1 million.