25 October 2021
The personal data of around 40,000 job seekers in Singapore has been disclosed online, following a cyberattack on an employment agency, according to the Business hours and the Straits Times.
Protemps Employment Services, which offers temporary, permanent and contractual recruitment services, saw its entire server looted and deleted earlier this month.
The personal details of approximately 40,000 people who submitted applications to the company have since been posted. Details include scans of their ID cards or passports, phone numbers, salaries, jobs, and home addresses. Most of the job seekers appeared to be Singaporeans.
The hackers, known as the Desorden Group, said they were behind the attack on October 4, bragging about their break-in on hacking forums on October 7. They made a video showing the stolen files and databases, with a message to Protemps, saying they had stolen all the files from the server and cleaned them up. He also came with a warning for Protemps to “think carefully”.
The video was reportedly sent to Protemps with a ransom note. Desorden Group is known to target organizations related to supply chains.
Protemps notified the Personal Data Protection Commission and is investigating the incident. The Protemps website, which was taken offline following the attack, appears to have been partially restored.
Staffing industry analysts have reached out to Protemps for comment, but the company has yet to respond.