pdpc_decisions_version_detail (view)
2 rows where title = "Breach of the Protection Obligation by Singtel"
This data as json, CSV (advanced)
Suggested facets: _commit_at (date), date (date), timestamp (date), tags (array), _changed_columns (array)
| _commit_at | _commit_hash | _id | _item | _version | _commit | description | tags | date | pdf-url | nature | title | url | timestamp | pdf-content | decision | _item_full_hash | _changed_columns |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2023-10-01T11:02:10+08:00 | fbd32491db44d3d0c97aa12a99cefd61ec954264 | 112 | 112 | 1 | 952 | A financial penalty of $9,000 was imposed on Singtel for failing to put in place reasonable security arrangements to prevent the unauthorised disclosure of personal data of some of its customers via its My Singtel mobile application. | [
"Protection",
"Financial Penalty",
"Accommodation and F&B"
] |
2020-02-11 | https://www.pdpc.gov.sg/-/media/Files/PDPC/PDF-Files/Commissions-Decisions/Decision---Singapore-Telecommunications-Limited-311219.pdf | Protection | Breach of the Protection Obligation by Singtel | https://www.pdpc.gov.sg/all-commissions-decisions/2020/02/breach-of-the-protection-obligation-by-singtel | 2020-02-11 | PERSONAL DATA PROTECTION COMMISSION [2019] SGPDPC 49 Case No. DP-1802-B1732 In the matter of an investigation under section 50(1) of the Personal Data Protection Act 2012 And Singapore Telecommunications Limited … Organisation DECISION 1 Singapore Telecommunications Limited Yeong Zee Kin, Deputy Commissioner — Case No DP-1802-B1732 31 December 2019 Introduction 1 On 21 February 2018, the Personal Data Protection Commission (the “Commission”) received a complaint from an individual mobile subscriber of Singapore Telecommunications Limited (the “Organisation”) asserting that when the subscriber accessed account details using the Organistion’s “MySingTel” mobile application (the “App”), the subscriber was able to view the personal information of another subscriber. Facts of the Case 2 The Commission’s investigations revealed that due to a technical issue that occurred during a limited period, certain mobile subscribers of the Organisation were able to view the personal data of other subscribers when they used the App (the “Incident”). The Incident took place over a period of approximately 11 hours on 20 February 2018 and the personal data of 750 subscribers (the “Affected Subscribers”) were exposed to the risk of access by other subscribers. Of these, the personal data of 39 subscribers were, in fact, accessed by other subscribers. The specific cause of this incident is described below. 3 The Incident arose during the Organisation’s migration of its database of mobile customer accounts from its existing billing system (the “Existing System”) to a new billing system (the “New System”). [Redacted]. 4 However, an issue arose when there was a mobile number previously assigned to a subscriber (“historical numbers”) that was subsequently reassigned to another subscriber. One situation in which this happened was when a subscriber ported over an existing mobile number from another mobile telephone operator to the Organisation. In order to effect the porting over, the Organisation would first issue the subscr… | Financial Penalty | e2d462d64ec0e10bc672b4850fabd12bb0f0d993 | [
"pdf-content",
"timestamp",
"decision",
"pdf-url",
"tags",
"nature",
"url",
"title",
"date",
"description"
] |
| 2023-10-01T11:02:10+08:00 | fbd32491db44d3d0c97aa12a99cefd61ec954264 | 133 | 133 | 1 | 952 | A financial penalty of $25,000 was imposed on Singtel for failing to put in place reasonable security arrangements to protect the personal data of users on its My Singtel mobile application. | [
"Protection",
"Financial Penalty"
] |
2019-11-04 | https://www.pdpc.gov.sg/-/media/Files/PDPC/PDF-Files/Commissions-Decisions/Grounds-of-Decision---Singapore-Telecommunications-Limited.pdf | Protection | Breach of the Protection Obligation by Singtel | https://www.pdpc.gov.sg/all-commissions-decisions/2019/11/breach-of-the-protection-obligation-by-singtel | 2019-11-04 | PERSONAL DATA PROTECTION COMMISSION [2019] SGPDPC 36 Case No DP-1705-B0781 In the matter of an investigation under section 50(1) of the Personal Data Protection Act 2012 And Singapore Telecommunications Limited … Organisation DECISION 1 Singapore Telecommunications Limited [2019] SGPDPC 36 Tan Kiat How, Commissioner — Case No DP-1705-B0781 12 September 2019 Background 1 This case concerns a design issue in a previous version of Singapore Telecommunications Limited’s (the “Organisation”) “My Singtel” mobile app (the “Mobile App”), which resulted in the unauthorised disclosure of the personal data of the Organisation’s customers. The current version of the Organisation’s Mobile App does not have this design issue as it has been fixed. 2 On 17 May 2017, the Personal Data Protection Commission (the “Commission”) received information from an anonymous informant alleging that there was a vulnerability in the Organisation’s Mobile App, which allowed the informant to access the account details of other customers (the “Data Breach”). Following an investigation into the matter, the Commissioner found the Organisation to be in breach of section 24 of the Personal Data Protection Act 2012 (“PDPA”). The Commissioner sets out below his findings and grounds of decision. 1 Singapore Telecommunications Limited [2019] SGPDPC 36 Material Facts and Documents 3 The Organisation is a telecommunications company in Singapore. The Mobile App was developed by the Organisation’s IT team to enable its customers to track their account information and manage add-on services. Communications between the Mobile App and the Organisation’s servers are conducted via Application Programming Interfaces (“API”). 4 The Organisation’s customers can login to the Mobile App via the following methods: (a) Mobile Station International Subscriber Directory Number (“MSISDN”) login: where a customer’s mobile phone is connected to the Organisation’s mobile data network (3G/4G), the Organisation’s servers will verify that the MSISDN and … | Financial Penalty | 1cfca0515da19cdcbdfd450d34bfa1d3c2583b97 | [
"pdf-content",
"timestamp",
"decision",
"pdf-url",
"tags",
"nature",
"url",
"title",
"date",
"description"
] |
Advanced export
JSON shape: default, array, newline-delimited
CREATE VIEW pdpc_decisions_version_detail AS select
commits.commit_at as _commit_at,
commits.hash as _commit_hash,
pdpc_decisions_version.*,
(
select json_group_array(name) from columns
where id in (
select column from pdpc_decisions_changed
where item_version = pdpc_decisions_version._id
)
) as _changed_columns
from pdpc_decisions_version
join commits on commits.id = pdpc_decisions_version._commit;