SINGAPORE – The personal details of some 40,000 job seekers have been disclosed online, following a cyberattack on an employment agency here.
Protemps Employment Services, which has an office in Paya Lebar Square, saw its entire server looted and removed earlier this month.
The personal data of approximately 40,000 people who submitted applications to the company have since been posted.
Details include scans of their ID cards or passports, phone numbers, salaries, jobs, and home addresses.
Most of the job seekers appeared to be Singaporeans.
The hackers, known as the Desorden Group, said they were behind the attack on October 4, bragging about their break-in on hacking forums on October 7.
They made a video showing the stolen files and databases, with a message to Protemps, saying they had stolen all the files from the server and cleaned them up.
He also came with a warning for Protemps to “think carefully”.
The video was reportedly sent to Protemps with a ransom note.
On October 14, Desorden Group put the entire database online, making it accessible for € 2.10 (S $ 3.30).
Since then, at least 60 different entities have accessed it.
A spokesperson for the Personal Data Protection Commission (PDPC), which is part of the Infocomm Media Development Authority (IMDA), said Protemps informed the commission and is investigating the incident.
The Straits Times has contacted Protemps for comment.
The Protemps website, which was taken offline following the attack, appears to have been partially restored Thursday, October 21.
Desorden Group is known to target organizations related to supply chains. Its name is Spanish and translates to “disorder and chaos”.
Its modus operandi is to steal data from its targets and demand a ransom. When the victims do not pay, the group then sells the data on the black market.