The latest cohort of National Service (NS) recruits who completed their basic military training over the weekend had their NRIC numbers and pictures published online for a day, before authorities realised the mistake and took down the materials.
The incident happened about a month after a cyber attack on an Internet access system used at military premises caused an unprecedented theft of the personal data of 850 national servicemen and Ministry of Defence (Mindef) employees.
In the latest case, the recruits’ NRIC numbers were emblazoned under their personal portraits that were uploaded onto Facebook last Saturday by the Basic Military Training Centre (BMTC) — a practice to allow servicemen to share the photographs with their family and friends.
Apologising for the “mistake”, BMTC commander Colonel Desmond Yeo said these portraits were taken down by noon the following day “when the oversight was realised”.
He was responding to a reader who wrote in to TODAY’s Voices section to highlight the incident.
Col Yeo did not specify the number of recruits affected, but there are a few thousand recruits in each graduating cohort.
The soft copy portraits of recruits are uploaded online to make the BMT graduation parade a “memorable and meaningful event”, said Col Yeo.
Recruits have also “warmly received” the practice, he added.
In the past, the portraits were manually labelled with a recruit’s platoon, section and bed number, for example.
To speed up the process, the BMTC used a new system for the most recent graduating cohort of recruits.
The labels were automatically generated by scanning the recruits’ Singapore Armed Forces identity cards.
“This resulted in the portraits being labelled by NRIC numbers. No other personal data was released,” said Col Yeo.
“BMTC recognises that making available our recruits’ portraits, labelled together with their NRIC numbers on a platform accessible to the general public, was an oversight. We apologise for the mistake.”
Col Yeo also said the BMTC is reviewing its procedures to prevent a similar recurrence.
A recruit from the affected cohort, who wanted to be known only as Mr Lim, 18, was not aware of the BMTC’s slip-up.
Asked if the leak of personal information was a concern, he said: “Even if it was a mistake, I would assume they’d be able to deal with whatever happens, and if I’ve any concerns, I should be able to approach them and they’d have a proper solution.”
Early last month, a cyber attack on I-net, the system used at military premises to access the Internet, resulted in the theft of the personal data of about 850 national servicemen and Mindef employees, including their NRIC numbers, telephone numbers, and dates of birth.
Classified military information was not compromised in that unprecedented breach — described by Mindef as appearing to be “targeted and carefully planned” — as that is stored on a separate and more secure system which is not connected to the World Wide Web.
Mindef said it disconnected the affected server after the breach was discovered and carried out immediate and detailed forensic investigations.