Cyber Incident Victim: Meridian Secondary School
Date:
Aug 2017
Location:
Singapore
Summary
A Singapore secondary school's website hosting an online art competition was compromised by hackers, prompting a police report and immediate takedown of the affected platform. The standalone system breach led the institution to notify all registrants to reset passwords and monitor for suspicious activity, while extending competition submissions via email. Preliminary investigations indicated the intrusion was contained without compromise of personally identifiable data. Authorities collaborated with the school to address the incident, which occurred amid broader cybersecurity challenges faced by educational and government entities in recent years.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 4 motives | 3 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On August 29, 2017, hackers breached the Young Illustrator Award website administered by Meridian Secondary School in Pasir Ris, Singapore. The standalone system hosted an online art competition open to primary and secondary students nationwide. The school’s vendor managing the site detected the intrusion on August 30—one day before the competition’s original closing date—and alerted the institution. Meridian Secondary promptly took the compromised website offline and filed a police report. Administrators contacted all registered participants to instruct them to change passwords and report any suspicious activity. Competition submissions were redirected via email through instructions posted on the Young Illustrator Awards’ Facebook page, with deadlines extended to September 8.
The Ministry of Education (MOE) investigated and preliminarily determined the breach was "fairly contained," confirming no personally identifiable data was compromised. MOE emphasized compliance with government IT security policies requiring vendors to uphold equivalent data protection standards. The ministry also referenced its existing IT security education program for staff across schools and headquarters to safeguard sensitive data. This incident occurred amid broader cybersecurity targeting of Singaporean education institutions and government agencies, including 2017 breaches at the National University of Singapore, Nanyang Technological University, and the Defence Ministry, alongside the 2014 SingPass compromise affecting 1,500 users. No additional Meridian Secondary systems were affected due to the website’s isolated infrastructure.