top of page

S$60,000 FINE WAS IMPOSED ON IT SERVICES PROVIDER


IT vendor for schools Learnaholic and startup honestbee among 5 firms fined S$94,000 by PDPC

FIVE companies, including an IT vendor for schools and embattled startup honestbee, were fined a total of S$94,000 for breaching data privacy laws, the Personal Data Protection Commission (PDPC) announced in documents released on Thursday.


The largest fine of S$60,000 was imposed on IT services provider Learnaholic, for creating a vulnerability in a school's server in 2016 that was later exploited by a hacker to access the data of some 47,802 staff, students and students' parents of various schools.


Learnaholic had been providing attendance-taking systems to schools under a contract with the Ministry of Education. In March 2016, the company opened a port to remotely access a cluster of attendance controllers, but later forgot to close the port.


A file with a Learnaholic representative's email login credentials had also been inadvertently copied to the cluster where the hacker had access. The PDPC noted that the file "contained the proverbial keys to the kingdom". The hacker is believed to have thus accessed the representative's email account, where the unencrypted personal data was stored.