Xinmin Secondary School students' NRIC numbers leaked on file sharing site Pastebin
SINGAPORE - The NRIC numbers of hundreds of students at Xinmin Secondary School were leaked in the second known data breach by a Ministry of Education (MOE) school since March 2015.
The information was posted a few months ago on file-sharing website pastebin.com, but The Straits Times understands that it has since been taken off the site and a police report has been made.
When contacted, a spokesman for MOE said: "In line with government IT security policies, MOE has stepped up efforts to work with schools and ensure that their security measures continue to be effective."
She added: "As investigations are ongoing, we are unable to share more."
In March 2015, the personal data of more than 1,900 pupils from Henry Park Primary School were exposed.
An Excel spreadsheet containing the children's particulars was mistakenly sent out to about 1,200 parents as part of an update about a school event. The file contained the names and birth certificate numbers of all 1,900 pupils in the school, and the names, phone numbers and e-mail addresses of their parents.
MOE schools such as Xinmin Secondary and Henry Park are exempted from the Personal Data Protection Act, fully enforced from July 2014. The Act requires organisations to take "reasonable measures" to protect personal data in their possession.
Instead, MOE schools are governed by public-sector rules, which have not been made public.
Technology lawyer Bryan Tan of Pinsent Masons MPillay said: "The Government said that its standards are more stringent than those that govern the private sector. But when a public incident like this happens, we can assess whether the first statement is true."
Lawyer Mr Koh Chia Ling from law firm OC Queen Street said that the students have no recourse. "Even if they do, it might be difficult for them to show any loss suffered from negligence or breach of contract," he said.