SINGAPORE — An employment agency that suffered a data breach earlier this month issued a statement acknowledging the incident but said it never received a ransom demand to recover the data.
In its initial comments on the attack, Protemps Employment Services said Wednesday (October 27) that most of the stolen data came from fake profiles.
The entire Protemps server had its data stolen and deleted on October 4, and the stolen data was uploaded online three days later.
The hackers claiming the attack called themselves Desorden Group.
The data allegedly contained the personal details of around 40,000 people who had submitted applications to the company.
However, Ms Dorothy Neo, chief executive of Protemps, told the Straits Times on Wednesday that the actual number of people affected was lower than that announced by the hackers.
She said most of the alleged details came from fake CVs sent to the company via spam accounts and only 2,500 real candidates were involved.
Of these, she said only 300 profiles contained “full details”, including education, salaries, contact numbers and addresses.
Desorden Group had made a video showing the stolen files and databases and which included a warning to Protemps to “think carefully”.
However, Ms. Neo said that Protemps did not receive or pay any ransom demand, which is usually the reason for this data theft.
“No ransom note was sent to our vendor or Protemps to pay any amount to secure the release of data on our website,” she said.
“Protemps is committed to supporting its customers in resolving this incident.”
She added that Protemps, which has an office in Paya Lebar Square, contacted those affected to inform them of the breach.