New Undertakings on 27 March 2025

27 Mar 2025

This month, the Commission has issued two Undertakings.

The new Undertakings reveals breaches stemming from ransomeware attacks and zero-day vulnerabilities, affecting the personal data of over 400,000 individuals.

In response, the affected organisations are to implement remediation plans to rectify the immediate breaches and address any systemic shortcomings to ensure compliance with the PDPA on a continual basis, such as:

  • Conducting vulnerability assessments
  • Ensure servers and systems are updated regularly to the latest OS and software
  • Strengthening access controls and enhancing password complexity

The PDPC has accepted these undertakings having considered the number of affected individuals, the types of personal data involved and the impact of the Incident.

Access the Undertakings here.