70,000 Singaporeans' Data Exposed in SLA Test System Breach
Source: Techgoondu
The personal data of about 70,000 Singaporeans was exposed after an SLA test system meant for anonymised data used real NRIC numbers and property addresses instead. The breach, managed by IBM's cloud environment, is the latest reminder that AI-powered cyber threats are outpacing traditional defences in Singapore's digital landscape.

The Singapore Land Authority (SLA) has confirmed that a test system managed by IBM inadvertently exposed the personal data of approximately 70,000 individuals, including names, NRIC numbers, and past property addresses. What was supposed to be a sandbox environment running anonymised mock data for the Titles Automated Registration System instead contained real records dating back to 1998.
The breach was discovered after unauthorised users accessed the test environment, prompting IBM to immediately revoke access. SLA has assured the public that live operational systems — including the production STARS and eLodgment platforms — were never compromised and remain fully secure. The affected individuals are being notified directly and offered guidance on next steps.
While Singapore has largely avoided major cybersecurity incidents since the landmark 2018 SingHealth breach that affected 1.5 million patients, the complexity of modern digital infrastructure creates new exposure points. Test and development environments, often treated as low-risk zones, have become a growing vector for data leaks across both government and private sector systems worldwide.
Why it matters for Singapore: The incident arrives as Singapore's Cyber Security Agency warns that AI-powered tools are enabling hackers to discover vulnerabilities in hours or even minutes — far faster than traditional defence mechanisms can respond. With the government pushing forward on Smart Nation initiatives that digitise everything from land titles to healthcare records, securing the full pipeline from development to production is becoming as critical as the initial build. The SLA breach is a reminder that even internal test environments, long considered safe, need the same AI-driven monitoring and guardrails as live systems.