July 2022 PDPC incidents and undertaking — Privacy Ninja

July 2022 PDPC incidents and undertaking

July 14: Audio House’s breach of the Data Protection Obligations

July 14: Terra System’s breach of the Data Protection Obligations

July 14: Quoine’s breach of the Data Protection Obligations

July 14: The directions issued to Crawfort

July 14: Undertaking by HSL Constructor

  1. Implement multifactor authentication for all administrator access, for users with administrative privileges, and for accounts with access to sensitive data/ systems;
  2. Supplement existing email reminders on cybersecurity best practices with regimented user awareness training;
  3. Decommission all servers running Windows Server 2008 R2 and below;
  4. Install endpoint protection on all servers;
  5. Patch all servers and firewall;
  6. Reset all admin account passwords; and
  7. Close unused ports on its firewall.

July 14: Undertaking by Asia Petworld

  1. Reformat each PC and desktop in its warehouse and office and install a clean Windows 10 environment;
  2. Reset all Windows passwords and implemented a password length of at least 20 characters long with complex requirements. Users were also reminded not to store passwords in plain text. Further, APPL also applied a password on documents containing personal data when transmitted over the internet;
  3. Enabled 2FA on all available applications and services;
  4. Implement staff training to enhance knowledge in personal data, safety, and cyber security knowledge; and
  5. Harden system access, including enhancing access controls, performing regular patching, etc.

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Privacy Ninja

Privacy Ninja

Privacy Ninja is Singapore’s leading cybersecurity & data protection firm offering the most affordable services, like outsourced Data Protection Service & VAPT.