SAC accidentally leaks personal data of 6,541 people through emails

The data was sent through emails to 22 organisations.

The Singapore Accountancy Commission has announced it had accidentally exposed personal data of 6,541 individuals in emails sent to 41 people in 22 organisations, according to a press release.

A folder containing the data was attached to emails sent from 12 June to 22 October. The recipients were 21 Accredited Training Organisations (ATOs) and one vendor.

Affected individuals include former and current Singapore Chartered Accountant (CA) Qualification candidates, ATO personnel and others involved in the administration of the qualification programme before 17 May. These individuals had their names, National Registration Identity Card (NRIC) numbers, birthdates, contact details, education and employment information, and CA qualification examination results leaked.

SAC discovered on 7 November after it had implemented a new data protection filter based on the recommendations of the Public Sector Data Security Review Committee. The commission then contacted all 22 organisations on 11 November to request that they delete the folder and find out whether the recipients had forwarded the folder to others.

Affected individuals were informed today and the Personal Data Protection Commission (PDPC) has already been notified. A panel headed by SAC Chairman Chaly Mah has been formed to investigate the leak.