Singapore Police confirm names and addresses exposed online after vendor’s systems were compromised.
Singapore authorities are investigating a ransomware-linked data breach that exposed the personal information of 1,300 individuals from traffic police records. The leak has raised concerns over data security in third-party government service providers.
Leak Traced to April Attack
On July 24, the Singapore Police Force (SPF) and the Cyber Security Agency of Singapore (CSA) jointly confirmed that the names and addresses of around 1,300 traffic offenders were leaked online. The information was traced back to an April 1 ransomware attack on printing vendor Toppan Next Tech (TNT), which had been contracted to print and mail traffic-related correspondence.
The compromised data was originally provided by the Traffic Police and included names, NRIC numbers, addresses, and details of traffic violations. However, only names and addresses were found online as of July 18.
Traffic Police Systems Remain Secure
Authorities were quick to clarify that the breach did not originate from within the Traffic Police’s own systems. Instead, the leak occurred through TNT’s systems, which had also been implicated in earlier breaches affecting over 11,000 banking customers from DBS and Bank of China Singapore.
“There is no indication that NRIC numbers or violation details have been leaked,” SPF and CSA emphasized, adding that the incident stemmed solely from TNT’s system breach.
Ongoing Investigation and Notifications
SPF said it is contacting affected individuals as a priority and urged them to stay vigilant. Authorities advised monitoring for suspicious communications or account activity, including phishing attempts.
CSA and SPF are currently conducting a deeper investigation into how the ransomware attack unfolded and whether further data was compromised.
Broader Cybersecurity Context
This incident adds to growing public concern about the cybersecurity readiness of vendors handling sensitive government data. TNT’s involvement in multiple high-profile breaches has spotlighted the need for tighter third-party risk management.
Experts say vendors working with government bodies must be held to the same cybersecurity standards as public agencies themselves, especially when managing data as sensitive as national ID numbers and personal addresses.
Public Advised to Stay Alert
Authorities are urging the public not to panic but to adopt safe digital practices. These include verifying sender identities in emails, avoiding suspicious links, and updating passwords for any potentially affected accounts.
Affected individuals are also encouraged to report anomalies or suspected misuse of their personal information directly to the police.
The TNT data breach underscores the critical importance of securing not just government systems but also the networks of third-party vendors entrusted with public data. For Singaporeans and digital citizens across Southeast Asia, the incident is a wake-up call that robust cybersecurity measures and vendor oversight are non-negotiable in today’s threat landscape.
Sources: CNA (2025) , Straits Time (2025)
Keywords: Toppan Next Tech, Traffic Police Records, Singapore Police Force, Cyber Security Agency, Ransomware Attack, Data Leak 2025, Personal Information Compromised
