Cyber Incident Victim: ST Logistics
Date: Dec 2019
Location: Singapore
Summary
A vendor contracted by Singapore's Ministry of Defence experienced a data breach when employee email accounts were compromised through phishing attacks, potentially exposing personal information including full names, national identification numbers, contact details, and residential addresses of approximately 2,400 military personnel. The affected organization conducted forensic investigations with external cybersecurity support and reported the incident to national data protection authorities, while preliminary findings indicated possible data exfiltration. The defence ministry emphasized reviewing vendor cybersecurity standards and initiated notifications to impacted individuals, though its own systems remained unaffected. This incident occurred alongside a separate ransomware attack on another contractor, collectively compromising sensitive data of over 120,000 individuals.
Description
The ST Logistics data breach occurred in December 2019 when the company, a long-term vendor for Singapore's Ministry of Defence (MINDEF) and Singapore Armed Forces (SAF) since 1999, experienced unauthorized access to its systems through email phishing attacks targeting employee accounts. Attackers compromised workstations containing working files with personal data of approximately 2,400 MINDEF/SAF personnel. The personal data in these files included full names and NRIC numbers alongside combinations of contact numbers, email addresses, and residential addresses. Preliminary investigations conducted by ST Logistics indicated a likelihood that this personal data had been leaked outside the organization. The company, owned by Japan Post, responded by initiating extensive forensic investigations through its internal cybersecurity team supplemented by external cybersecurity experts. ST Logistics reported the incident to Singapore's Personal Data Protection Commission (PDPC) and the Singapore Computer Emergency Response Team (SingCERT), with PDPC subsequently opening an investigation into the breach.

MINDEF confirmed the malware incident did not affect its own systems or operations but compromised the confidentiality of personnel data held by ST Logistics. The ministry began notifying affected individuals starting December 21, 2019, and emphasized it would review vendor cybersecurity standards to ensure adequate protection of sensitive information. Defence Cyber Chief Brigadier-General Mark Tan stated the breach highlighted risks in third-party data handling, while MINDEF announced it was engaging all vendors holding personnel data to strengthen IT security measures. The incident formed part of a broader pattern of 2019 Singaporean data breaches, including separate ransomware attacks on another MINDEF vendor (HMI Institute) compromising 98,000 SAF personnel records, healthcare data exposures, and government-related credential leaks. These cumulative incidents had previously prompted the April 2019 formation of Singapore's Public Sector Data Security Review Committee to overhaul government data protection frameworks. ST Logistics' breach underscored persistent vulnerabilities in supply chain cybersecurity despite heightened national attention to digital defense following major prior incidents like the 2018 SingHealth breach affecting 1.5 million patients.
