A major breach in SingHealth developed over the weekend, affecting approximately 1.5 million citizens of Singapore. The data, which was taken over a period of eight days before the exfiltration was discovered, included name, National Registration Identity Card (NRIC) number, address, gender, race, and date of birth. For some 160 thousand patients, the data taken included details of medicines they'd received.
Singapore officials, while acknowledging the value the data could have if monetized by criminals, think the operation was run by a nation-state. Many have praised the government's response—FireEye pointed out to Bleeping Computer that detection within eight days is orders of magnitude below the regional norm of four-hundred-ninety-eight days—but the incident has prompted calls for a reboot of Singapore's Smart Nation initiatives.
The New York Times, Infosecurity Magazine, TechCrunch, and others report UpGuard's claims that Level One Robotics, which supplies major manufacturers, left 157GB of data exposed on a publicly accessible server. Data from VW, Chrysler, Ford, Toyota, GM, Tesla, and ThyssenKrupp included assembly line schematics, plant floor plans, robotic configurations, request forms for ID badges and VPNs, and non-disclosure agreements.
The Aspen Security Forum wrapped up Saturday after clear, direct warnings from senior US intelligence and law enforcement officials that Russian hacking remained a significant threat to the US. DNI Coats warned of the possibility of a "cyber 9/11," DHS Secretary Nielsen called out Russian interference in elections, and Deputy Attorney General Rosenstein said Russia's not the only cyber power everyone ought to be concerned about.