This month, the Commission has issued three Undertakings.

The new Undertakings reveals breaches stemming from various ransomware attacks due to exploitation of administrative accounts, inadequate access controls implemented and weak password security, affecting the personal data of over 14,477 individuals. 

In response, the affected organisations are to implement remediation plans to rectify the immediate breach and address any systemic shortcomings to ensure compliance with the PDPA on a continual basis, such as:

• Implement mandatory single sign-on and enable two-factor authentication for selected accounts
• Implementing encryption to mask personal data
• Implement security solutions to improve threat detection and response
• Conduct training for employees on the organisation's security protocols

The PDPC has accepted these undertakings having considered the number of affected individuals, the types of personal data involved and the impact of the Incident.

Access the Undertakings here.