Friday, 3 July 2026Live global desk
GlobalPulse
The world, tracked in motion
Business

Data of 70,000 people compromised in cybersecurity incident involving SLA’s vendor IBM

The Singapore Land Authority is investigating a data breach involving IBM that exposed the NRIC numbers, names, and past property addresses of approximately 70,000 people.

Data of 70,000 people compromised in cybersecurity incident involving SLA’s vendor IBM
Data of 70,000 people compromised in cybersecurity incident involving SLA’s vendor IBM

Data of 70,000 people compromised in cybersecurity incident involving SLA’s vendor IBM

The personal data of approximately 70,000 individuals has been compromised following a cybersecurity incident involving the Singapore Land Authority (SLA) and a cloud environment managed by its vendor, IBM.

According to a media release issued on Friday, July 3, the breach occurred due to unauthorized access to a specific data set. This data set had been created for vendor development and testing purposes. IBM is responsible for managing the systems-integration testing environment and development for the eLodgment System (ELS) and the Singapore Titles Automated Registration System (STARS).

Preliminary findings indicate the affected data set was originally established in 1998. While the data was updated periodically over the following years, it was intended to consist solely of anonymized and mock records based on lodgment and property ownership. However, the SLA discovered that the set actually contained real personal information, including NRIC numbers, names, and past property addresses of about 70,000 people.

"This information should have been anonymised but was not,"

SLA, via channelnewsasia.com

The SLA stated that investigations are currently underway to determine why the anonymization process failed.

The agency clarified that the compromised environment managed by IBM is separate from the operational systems used by the authority. There was no compromise or connection to the live systems used for ELS or STARS, and property lodgment and ownership records within those systems remain secure.

In response to the incident, IBM has revoked access to the impacted system to stop further unauthorized entry. The SLA has begun the process of notifying affected individuals and providing guidance on assistance steps.

The authority is collaborating with the Cyber Security Agency of Singapore, the Government Technology Agency of Singapore, and IBM to establish the full facts of the event and implement remedial measures. Additionally, the SLA has notified the Personal Data Protection Commission and filed a report with the police.

The SLA has apologized for the inconvenience and cautioned the public to stay vigilant against telephone calls, text messages, phishing websites, or phishing emails from parties claiming to represent other organizations or government agencies.

Broader Context of Third-Party Risk

The incident involving the SLA and IBM reflects a wider trend of vendor-related vulnerabilities. Data from 2025 indicates that nearly 60% of all breaches originate from third-party vendors, according to the Global Third-Party Breach Report by SecurityScorecard.

Similar vulnerabilities were seen in other sectors throughout 2025. In July 2025, Allianz Life Insurance Company of North America experienced a breach affecting most of its 1.4 million U.S. Customers after attackers used social engineering to infiltrate a third-party cloud-based customer relationship management platform.

Other recent high-profile incidents highlight the persistence of these risks. In 2026, GitHub confirmed the loss of about 4,000 developer code repositories, while the travel company Carnival Corporation disclosed a breach affecting almost 6 million customers. In the healthcare sector, Xsolis, Inc. Reported a phishing attack in January 2026 that affected as many as 1,396,519 individuals.

Reporting based on coverage by tech.co.

Related stories