Employment Network ‘e2i’ Leaked Personal Data of 30,000 People

Last updated September 25, 2021
Written by:
Bill Toulas
Bill Toulas
Cybersecurity Journalist

NTUC’s e2i (Employment and Employability Institute) has had a data breach incident that has resulted in the exposure of the personal details of about 30,000, according to a media statement shared with Channel News Asia. Reportedly, the incident took place on March 12, 2021, so it’s been three weeks already. The breached entity states that someone managed to gain unauthorized access to a mailbox that contained the personal data of approximately 30,000 individuals, users of the e2i services.

e2i is a platform that connects workers and employers in Singapore, offering technical solutions relevant to job-matching, career guidance, skills upgrading, continuous professional development, manpower need changes, auto-recruitment, training, job redesign solutions, and more. Being on the top-3000 most visited sites in Singapore, the platform is bound to have many more members than the 30,000 that were exposed by this incident, so we would suppose that the attack must have been mitigated.

The details stored by e2i and subsequently accessed by the infiltrators include full names, NRIC, contact details, education qualifications, previous employment details, and everything else that one needs when going job hunting. The official excuse for delaying the public notice even though the compromised data was very sensitive is that the organization needed time to fully evaluate the breach's impact and worked with a third-party expert to help them speed up the investigations.

Those affected by this incident should receive an email and SMS directly from e2i, as this is what the organization promised in the media statement. Thus, if you are a member of the platform and you haven’t received direct communication from them, it means your details aren’t included in the breach.

As for the technical and practical details of the attack itself, e2i chose not to share much on that part besides that there’s some kind of malware involved which allegedly did not target them directly. Could this mean that they've had a worm-style ransomware or botnet reaching farther than it was supposed to? We know that Ryuk has added this capability on its latest variants, but for now, we are limited to pure speculation.



For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: