In one of the worst cases of a data breach in Singapore, the HIV statuses of around 14,200 people have been leaked online. The list includes data of about 5,400 natives and 8,800 foreigners.
“We have worked with the relevant parties to disable access to the information. We are sorry for the anxiety and distress caused by this incident. Our priority is the wellbeing of the affected individuals. Since 26 January, we have been progressively contacting the individuals to notify them and render assistance,’ according to a Ministry of Health (MOH) release.
Information of about 2,400 people who maintained contact with the patients was also leaked. Out of the 5,400 natives whose information was compromised, 1,900 have already passed away. In addition to HIV status, names of the patient, identification numbers, addresses, phone numbers, and medical information have also been compromised.
The man behind the leak, Mikhy Farrera Brochez, is a resident of the United States who lived in Singapore between 2008 and 2018. The people whose HIV status has been leaked are now afraid of facing repercussions from family, friends, and employers. Homosexual men are at higher legal risk from the leak since Singaporean law punishes people engaging in such relationships with a prison term of two years. However, since the law is not always enforced, many are hoping that the leak does not get them into trouble with the authorities.
“This reminds us of the insufferable stigma, fear, and discrimination that continues to surround people living with HIV in Singapore today… Those of us who live without HIV cannot begin to imagine the shock, distress, pain, and betrayal they must be going through right now,” Leow Yangfa, a spokesman for LGBT charity Oogachaga, said to CNN.
History of illegal activity
Brochez has a history of illegal activity behind him. Until 2016, Singapore had a law that banned HIV positive foreigners from entering the country. Even though he was HIV positive, Brochez lied about it to the Ministry of Manpower so that he could continue living in Singapore. He was assisted by his partner, Ler Teck Siang, a former head of the MOH’s National Public Health Unit.
As per media reports, Brochez had submitted Siang’s blood samples as his own to the Ministry of Manpower. It was through Siang that Brochez came to access the database of HIV positive individuals in Singapore and copied it. Siang was sentenced to 24 months in jail for allowing Brochez to switch blood samples. Brochez was deported from the country in May 2018 after a 28-month prison term because of his involvement in “numerous fraud and drug-related offenses.”
Singaporean authorities are currently trying to track Brochez and are believed to be in contact with American law enforcement agencies for this purpose. The police have also declared that anyone sharing the HIV status data can be fined up to US$1,500 and face jail time of two years.
This is the second major cyber-attack on Singapore’s health database in recent times. A few months earlier, medical information of about 1.5 million people was stolen by hackers, including data of the country’s Prime Minister Lee Hsien Loong and other government officials. This is seen as the “most serious breach of personal data” in Singapore’s history.