ICA Online Service Breached by Unauthorized Address Changes
In a shocking turn of events, seven individuals have been apprehended for their involvement in a string of unauthorized attempts to alter registered residential addresses through the Immigration & Checkpoints Authority’s (ICA) e-service. This news comes hot on the heels of ICA’s disclosure that malefactors were taking advantage of pilfered or compromised Singpass accounts to deceptively modify the addresses of unsuspecting individuals.
Arrests Made in Island-Wide Police Operations
A crackdown ensued between Jan 11 and Jan 13, with over 60 officers from the Criminal Investigation Department and Police Intelligence Department collaborating on a series of island-wide operations that culminated in the arrest of seven suspects. These offenders, comprising six men and one woman aged between 19 and 32, are believed to be connected to a minimum of 30 cases involving unauthorized address changes.
The suspects are currently under investigation for potential violations of the Computer Misuse Act 1993, with six facing charges related to the unlawful disclosure of access codes. One individual is being scrutinized for unlawfully revealing a Singpass password or access code, potentially leading to charges under the same act.
Electronic Change of Address Service Restored
In an effort to safeguard its e-services, ICA has partially reinstated the electronic change of address (eCOA) service for the “Myself” module, accompanied by enhanced security protocols. However, the “Myself and my family members” and “Others” modules remain suspended as a precautionary measure.
Individuals utilizing the “Myself” module are now mandated to undergo face verification during Singpass account login to prevent unauthorized access. Despite these measures, investigations have uncovered 87 attempts to change residential addresses, with 69 alterations successfully executed. Out of these changes, 17 Singpass accounts fell under the control of the perpetrators.
Advisory and Ongoing Investigations
ICA has reached out to the affected individuals in all 87 cases, ensuring the replacement of their identity cards and restoration of their legitimate registered address in the database. Furthermore, the compromised Singpass accounts have been reset or suspended, with collaboration between ICA, GovTech, and relevant entities to mitigate potential risks associated with the breach.
As investigations continue to identify additional culprits, ICA urges the public to verify their registered address on the agency’s website and report any inaccuracies promptly. The authority extends its gratitude to the public for their understanding and patience during this challenging period of heightened security measures.
Stay vigilant, stay informed, and stay protected – your security matters.