28 October 2021
A Singapore employment agency that suffered a data breach that saw the details of around 40,000 job seekers leaked online said most of the data stolen came from fake profiles, reports The times of the straits. Protemps Employment Services issued a statement acknowledging the incident, but said it never received a ransom note to recover the data. The entire Protemps server had its data stolen and deleted on October 4, and the stolen data was uploaded three days later. The hackers claiming responsibility for the attack were called Desorden Group. Dorothy Neo, chief executive of Protemps, told the Straits Times that the actual number affected was lower than claimed by the hackers. She said most of the alleged details came from fake resumes sent to the company via spam accounts, and only 2,500 real applicants were affected. Of these, she said only 300 profiles contained “full details”, including training, salaries, contact numbers and addresses. The data stolen from Protemps had been viewed by around 120 entities.
“No ransom note has been sent to our vendor or Protemps to pay any amount to secure the publication of data on our website,” Neo said. “Protemps is committed to supporting our customers as we resolve this incident.” Investigations into the incident are ongoing, according to the Personal Data Protection Commission.