Singapore Red Cross falls victim to a data breach

A cyber attack suffered by Singapore Red Cross (SRC) has led to the exposure of the personal details of 4,297 donors, the organisation has confirmed.

In a statement, SRC said that suspicious activity was detected by the organisation’s web developer, which was subsequently traced back to the blood donor recruitment area of SRC’s website.

Among data compromised are names, contact phone numbers, emails, blood types, appointment information, blood donation location data and further health details.

SRC has said that other data silos and the Health Sciences Authority infrastructure were not hit by the attack. The incident follows a data breach suffered by Health Sciences Authority in Singapore in January of this year, which led to the leaking of over 800,000 blood donors’ personal data.

The SRC website is currently offline for maintenance, with the organisation stating that operations will go back to normal once investigations and a full security check have been carried out.

External consultants have now been brought in to implement a full forensic audit, hopefully to determine how the intrusion occurred.

SRC’s Secretary General and CEO, Benjamin William, said

“Our immediate priority is to ensure affected individuals and partners are notified, while working with the relevant parties to restore and strengthen our IT systems, safeguard our data, and mitigate any future risks.”

The incident is among a number of healthcare breaches to have hit the Asian city-state over recent times.

Other high-profile cases include a breach whereby the private data of 14,000 HIV patients was uploaded into the public domain by an unauthorised party.

Culpability was eventually traced back to Mikhy K Farrera Brochez, the partner of the former head of Singapore’s National Public Health Unit.

In 2018, authorities in Singapore were hit by a major cyber attack that compromised the confidentiality of over 1.5 million pieces of patient data.

Join our free-to-attend digital event, Last Thursday in Privacy, addressing data protection, privacy and security challenges including working from home, COVID-19, global regulations and more. Visit

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.

Privacy Culture: Data Privacy and Information Security Consulting, Culture & Behaviour, Training, and GDPR maturity, covered.