Database Breach (Ransomware) on 24th February 2018
On 24th February 2018, hackers infiltrated the database of the DS Human Resource app and deleted all the information that was in the database. The hackers then demanded a ransom from the company.
When we found out about the breach, we shut down the compromised system to prevent any future breach and called the police immediately. The Cyber Security Agency of Singapore (CSA) and the Personal Data Protection Commission (PDPC) were also informed of the breach. Our internal investigation concluded that we were affected by a default setting used in MongoDB that had allowed hackers to infiltrate 33,000 databases from last September. (https://www.darknet.org.uk/2017/01/mongodb-ransack-33000-databases-hacked/)
We have worked closely with the authorities and the different agencies with regard to the breach and have engaged 2 independent vendors to conduct a Vulnerability Assessment and Penetration Testing (VAPT) on the revamped system. The VAPT suggested improvements that we could make to make our system more secure. We have since completed the suggested improvements before re-releasing it to all.
It has been an especially difficult week for the team and me, as we have let you down. I started this company 3 years ago and this was definitely the biggest setback that I have faced in my years here. The first thing that came to my mind when I found out about the breach was how I am supposed to face you all after you had placed all your trust in me. I ask for your forgiveness and continued faith in me while I continue to make this company the go-to place for banquet part-time jobs. Some will question the safety of the revamped system and have doubts; please rest assured that the safety and protection of your personal information is at the top of my agenda every day.
We have put together a list of questions which we hope will answer your questions. However, the list is not exhaustive; please let me know if you have any questions or enquiries by contacting me on my contact number or through my email.
Q: What were the initial actions taken when the breach was discovered?
A: We shut down all servers immediately and informed the authorities of the breach.
Q: How did the hackers manage to access the database?
A: Our internal investigations revealed that a default configuration on MongoDB 3.4 resulted in the hack. (https://www.theinquirer.net/inquirer/news/3016752/mongodb-hack-26000-databases-whacked-by-ransomware)
Q: What were the measures taken by the company to prevent any future breach?
A: We have strengthened our database through the security checklist (https://docs.mongodb.com/manual/administration/security-checklist/) provided by MongoDB. We have also engaged 2 independent vendors to conduct a VAPT on our system to ensure that it is secure.