The Ministry of Defence (MINDEF) detected a breach in its I-net system (I-net) earlier this month. I-net provides Internet access to national servicemen and employees for their personal communications or Internet surfing using dedicated I-net computer terminals in MINDEF and Singapore Armed Forces (SAF) camps and premises. No classified military information is stored on I-net. NRIC numbers, telephone numbers and dates of birth are required for I-net account management and these are stored on I-net. Classified matters in MINDEF/SAF use a different computer system with more stringent security features and are not connected to the Internet.
Upon detection, MINDEF disconnected the affected server from I-net. Immediate and detailed forensic investigations were conducted on the entire I-net to determine the extent of the breach. As a precaution even though no breach had been detected, all other computer systems within MINDEF/SAF are also being investigated.
Investigations revealed that basic personal data, comprising NRIC numbers, telephone numbers, and dates of birth of around 850 servicemen and employees was stolen from I-net. Investigations are ongoing. The attack on I-net appeared to be targeted and carefully planned. The real purpose may have been to gain access to official secrets, but this was prevented by the physical separation of I-net from our internal systems.
All affected personnel will be contacted within the week. They will be informed that personal data had been stolen and to change their passwords for other systems if these use any of the stolen information. They have also been advised to report any unusual activity related to the use of their personal information to MINDEF/SAF. Affected personnel with further queries may also contact MINDEF/SAF at 1800-367-6767 or IT_Helpdesk@defence.gov.sg.
As Internet access is needed by national servicemen and employees while they are in camp, MINDEF/SAF will continue to provide access to our servicemen despite this incident. We will continually strengthen our cyber defences as the level of targeted attacks is expected to continue and rise.
MINDEF has also informed the Cyber Security Agency and the Government Technology Agency of Singapore to investigate other Government systems. No breaches have been detected so far.
MINDEF apologises for this breach and any inconvenience or harm caused to all affected servicemen.