No banking details leaked in PCF Sparkletots pre-school data security incident

No banking details leaked in PCF Sparkletots pre-school data security incident

by


SINGAPORE – No banking details were compromised in the recent data security incident involving LittleLives, PAP Community Foundation (PCF) Sparkletots pre-school’s vendor for its student management system.

Based on the latest findings, the source of the incident was a compromised user account used by LittleLives, the school said in a statement on June 7.

It added that photos and developmental records of pupils are hosted on a separate system, and are not part of the data accessed nor stored with LittleLives.

“PCF Sparkletots has been engaging closely with LittleLives and its appointed professional services to understand and support ongoing investigations,” the school said.

LittleLives is still investigating the incident to determine its full extent and PCF Sparkletots is receiving regular updates.

“We take our accountability for data protection seriously and will continue to provide updates should there be any significant developments,” PCF Sparkletots added.

PCF Sparkletots’ management had notified parents and guardians of the potential breach in a letter dated June 1, that was seen by The Straits Times.

The letter said “a portion” of the pupil management system used by the school was accessed without authorisation.

On June 2, a spokesperson said that, based on a preliminary report, the unauthorised access had been contained and there was “no confirmation that any data has been viewed, downloaded or misused”.

The spokesperson added that the school had been informed of the incident by LittleLives.

The school also said then that it has lodged reports with the Personal Data Protection Commission (PDPC) and the police, and is “in close contact with the Early Childhood Development Agency (ECDA)”.

PDPC told ST on June 2 that it is aware of the incident and that it is investigating. ECDA noted that PDPC and police investigations are ongoing and that PCF is working with LittleLives to assess the full scope of the incident.

The Cyber Security Agency of Singapore, meanwhile, said it has reached out to LittleLives to advise it on recovery measures.

According to PCF Sparkletots’ letter, the information that was involved in the incident included:

  • Pupil name and identification details

  • Class and centre information

  • Parent/guardian contact details

  • Invoice-related information

  • Payment status or fee descriptions

Those with questions or concerns were encouraged to contact the school via e-mail at pcfhq@pcf.org.sg



Source link