SINGAPORE - IT vendor Ezynetic has been fined $17,500 for failing to protect its clients’ data, which resulted in more than 190,000 individuals’ personal data being stolen and put up for sale on the Dark Web.
Ezynetic had failed to put in place reasonable security arrangements to protect the personal data in its possession or under its control, the Personal Data Protection Commission (PDPC) said on July 3 via a statement on its website.
At the time of the breach, which Ezynetic uncovered on June 24, 2024, the company was operating an IT system linked to the Moneylenders Credit Bureau platform operated by Credit Bureau Singapore.
Ezynetic’s affected clients – previously identified as moneylenders Ban King Credit, Credit 21, Lending Bee, Katong Credit, Credit Thirty3, GS Credit, 1AP Capital, Creditmaster, BST Credit, U Credit, Horison Credit and Credit Matters – would input personal data of their prospective loan applicants and borrowers into the money lending system.
This would allow them to verify the applicants’ and borrowers’ loan eligibility, generate MLCB credit reports and profit and loss reports, as well as track loans, instalments, collections and payments.
In a judgment, the PDPC said that investigations found that a threat actor had exploited a vulnerable web service application to gain access and control of Ezynetic’s system administrator account to access the money lending system. After gaining access to the money lending system, the threat actor obtained the personal data of the affected individuals.
The data stolen included a combination of the name, address, e-mail address, telephone number, NRIC number, date of birth and the financial information available in the MLCB credit reports of 190,589 individuals. These individuals were notified of the incident on July 1, 2024.
PDPC, which was informed of the incident on June 26, 2024, said its investigations revealed that Ezynetic had failed to disable or adequately secure the system administrator account, which is often targeted by malicious users.
The account password at the time of the incident, which was p@ssword1 or Password@1, was susceptible to brute force attacks, wherein hackers repeatedly try to gain access to systems by trying different passwords.
Ezynetic was also found not to have performed any periodic vulnerability assessment or penetration testing of its infrastructure, said the commission.
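As an added illustration, not code from the PDPC judgment or from Ezynetic’s systems, the two controls the commission faulted can be expressed from the defender’s side in Python: a password policy that rejects the two passwords quoted above, and a scan over authentication logs that flags the burst of failed logins against an administrator account which a brute-force attempt leaves behind. The log format, the log lines and the account name are constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample authentication log; the format is assumed, not a real product's.
SAMPLE_LOG = """\
2024-06-20T02:00:01 login FAIL user=administrator src=203.0.113.5
2024-06-20T02:00:02 login FAIL user=administrator src=203.0.113.5
2024-06-20T02:00:03 login FAIL user=administrator src=203.0.113.5
2024-06-20T02:00:04 login FAIL user=administrator src=203.0.113.5
2024-06-20T02:00:05 login FAIL user=administrator src=203.0.113.5
2024-06-20T02:00:06 login OK user=administrator src=203.0.113.5
2024-06-20T09:15:00 login FAIL user=alice src=198.51.100.7
2024-06-20T09:15:20 login OK user=alice src=198.51.100.7
"""
LINE_RE = re.compile(r"^(\S+) login (FAIL|OK) user=(\S+) src=(\S+)$")

# Dictionary words that survive the usual '@', '$', '0' substitutions and trailing digits.
WEAK_BASES = {"password", "admin", "letmein", "welcome", "qwerty"}

def check_password(pw: str) -> list:
    """Return the policy rules a candidate password fails (empty list means accepted)."""
    reasons = []
    if len(pw) < 14:
        reasons.append("too short")
    core = re.sub(r"[^A-Za-z]+$", "", pw).lower()          # drop trailing digits/symbols
    core = core.translate(str.maketrans("@$0", "aso"))      # undo common substitutions
    core = re.sub(r"[^a-z]", "", core)
    if core in WEAK_BASES:
        reasons.append("dictionary word with substitutions")
    return reasons

def brute_force_hits(log: str, threshold: int = 5, window_s: int = 60) -> list:
    """Return (src, user, followed_by_success) for every source that failed to log in
    to one account at least `threshold` times within `window_s` seconds."""
    fails, success = defaultdict(list), set()
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue                                        # skip lines we cannot parse
        key = (m.group(4), m.group(3))                      # (source address, account)
        if m.group(2) == "FAIL":
            fails[key].append(datetime.fromisoformat(m.group(1)))
        else:
            success.add(key)
    hits = []
    for key, times in fails.items():
        times.sort()
        for i in range(len(times) - threshold + 1):
            if (times[i + threshold - 1] - times[i]).total_seconds() <= window_s:
                hits.append((key[0], key[1], key in success))  # success after burst = likely compromise
                break
    return hits
```

A hit whose third element is True is the case the judgment describes: repeated failures followed by a successful login on the same administrator account from the same source.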
Following the incident, Ezynetic rebuilt its entire network and migrated to a cloud environment for its servers, and implemented enhanced security measures for the new network after consultations with the Cyber Security Agency of Singapore and the Ministry of Law.
PDPC’s decision
Under the Personal Data Protection Act (PDPA), which Ezynetic was found to have breached, organisations must protect personal data in their possession or under their control by making reasonable security arrangements to prevent unauthorised access, collection, use, disclosure, copying, modification or disposal, or similar risks.
Its failure to conduct a reasonable periodic security review also amounted to a breach of the PDPA; according to PDPC’s checklists to guard against common types of data breaches, organisations should, as a basic practice, periodically conduct web application vulnerability scanning and assessments.
PDPC said that a fine was appropriate, as Ezynetic was a Software-as-a-Service provider, which should possess the necessary technical expertise to implement reasonable cyber security measures to address the evolving threats.
According to Microsoft’s cloud computing platform Azure, Software-as-a-Service, or SaaS for short, is a cloud-based model where software applications are hosted by a service provider and accessed over the internet. SaaS providers manage the underlying infrastructure, security, maintenance, and updates.
Ezynetic was also directed by the PDPC to obtain the Cyber Security Agency of Singapore’s Cyber Trustmark Certification for its new IT network and report to the Commission on its completion. Such marks certify good cyber-security practices, helping companies benchmark and show their preparedness to meet new risks.
On Dec 2, Ezynetic was informed of PDPC’s preliminary decision, and the following day, it sought a waiver or reduction to the fine. The firm cited its financial commitment to mitigating the breach, its losses as a result of ongoing disruptions caused by the breach, and that it had cooperated with all regulatory bodies throughout the investigation.
However, PDPC rejected this, as Ezynetic’s financial commitment was a “necessary part of its obligation to implement reasonable security arrangement” under its protection obligation, and that Ezynetic’s cooperativeness was already taken into account while determining the fine amount.
“Whilst (Ezynetic) did provide some invoices showing that it had incurred expenses to implement remedial measures, these did not show that (Ezynetic) is in such a dire financial situation that the imposition of a financial penalty of $17,500 would adversely impact its ability to continue its business,” said PDPC.
As a result, the PDPC said Ezynetic was required to pay the fine within 30 days from the date of the relevant notice accompanying its decision. If it does not do so, interest will accrue until the fine is paid in full.
The firm will also be required to obtain Cyber Trustmark Certification for its new IT network within 9 months from the date of PDPC’s decision, and has to report to the commission within 14 days of doing so.