Cyber Incident Victim: HomeTeamNS

On25 February 2025, HomeTeamNS identified a ransomware infection that had encrypted or otherwise restricted access to servers storing employee records for both current and former personnel, as confirmed in a public statement released three days later. The organisation reported that, upon discovery, it immediately took the affected servers offline and isolated them from the rest of its internal IT network to prevent further spread of the malicious code. HomeTeamNS then engaged external cyber‑security specialists to conduct a forensic investigation and to assist with remediation, while simultaneously notifying the Singapore Police Force and the Cyber Security Agency of Singapore of the incident. As part of its immediate response, the organisation reset the passwords for every administrative account and deployed additional security scans and updated firewall rules to strengthen the overall network defence. The statement also noted that the compromised servers contained not only employee data but also vehicle‑related information, such as car plate numbers and in‑vehicle unit details, for a subset of HomeTeamNS members. HomeTeamNS emphasized that, at the time of the statement, there was no indication that any data had been exfiltrated or stolen from the affected systems, although it said it would continue to monitor the environment for any signs of unauthorized access. Members whose personal information resided on the impacted servers were contacted directly by HomeTeamNS and offered assistance on how to recognise and avoid phishing attempts and to safeguard against unauthorised financial transactions. An email sent to one affected member on 3 March 2025, signed by the organisation’s data protection officer, specified that the data stored on the servers included the member’s full name, car plate number, in‑vehicle unit number and membership expiry date. The email explained that the ransomware was detected while technicians were troubleshooting a unrelated network issue and pledged to provide further updates should any significant developments arise during the investigation. HomeTeamNS added that it was working closely with its external cyber‑security consultants, the police and the CSA to ensure a thorough response and to restore normal operations as quickly as possible.

The organisation, which is a non‑profit entity established to recognise the contributions of national servicemen from the Singapore Police Force and the Singapore Civil Defence Force, reiterated that protecting the personal data of its stakeholders remains its foremost priority. It confirmed that, aside from the password resets and network hardening measures already implemented, it would continue to review its security posture and incorporate lessons learned from the incident. HomeTeamNS concluded its communication by stating that, to date, there is no evidence of data theft and that its remediation efforts are ongoing. The organisation said it will maintain vigilant monitoring and will inform members promptly if any change in the situation is identified.