Notice of Cyber Security Incident
We at “K” Line Pte Ltd know and appreciate the trust you place in us to safeguard your personal data. Early this year, we became aware of an incident affecting our systems containing personal data. If you have previously been employed with us or had provided us with your personal data, please contact us at email@example.com to check if your personal data has been affected.
Please refer below for more details.
Cyber Security Incident
On 18 March 2021, we were alerted by our overseas affiliate of a suspected malware attack on our local IT environment. As soon as we were alerted, we contained the incident. All data from the compromised servers have been recovered and we have since restored the data onto our new servers.
The following technical measures have been put in place to contain the incident: –
- Isolated all compromised network by disconnecting all servers locally and disconnecting any third party interface connections;
- Firewall filtering;
- Closing of affected port servers;
- Quarantine of device on which malicious script was detected;
- Twice daily scans by all staff to detect suspicious users/activities;
- Engagement of Trend Micro to provide deep scans on affected servers;
- Engagement of forensic investigators to undertake computer forensic investigations to identify root cause of the data incident (if possible) and identify the data that have been exfiltrated (if any) on the compromised servers; and
- Performed a password reset for all staff.
We are also collaborating with the relevant authorities.
The data from the compromised servers may have included personal data such as name, address, mobile number, salary, bank account numbers, life and health insurance information and family details for insurance enrolment or scholarship applications.
To prevent the further occurrence of any cyber attacks and to strengthen our IT security, we are committed to the following:
- Review of our existing security framework;
- Review of our current policies to determine areas for improvement;
- Fortifying security infrastructure as a whole by reviewing server rights and access and upgrading firewall capabilities; and
- Engaging third parties to perform active 24/7 monitoring of network/systems abnormalities and independent security audits and tests to detect vulnerabilities.
As an added security measure, please stay vigilant for suspicious or spam emails, e.g, emails requesting for personal or sensitive data.
We apologise for the inconvenience and disruption caused by the incident and wish to assure you that we are committed to keeping your personal data safe and secure and we will take the necessary steps to minimize the occurrence of a similar incident in the future.
Should you have any questions or require more information, please email us at our dedicated email address: firstname.lastname@example.org.