1. On 12 March 2021, it was brought to e2i’s (Employment and Employability Institute) attention that there had been a data incident whereby a malware infected a mailbox belonging to an employee of our appointed third-party vendor, i-vic International. The incident may have resulted in an unauthorised access to the affected mailbox that contained personal data of approximately 30,000 individuals who had used e2i’s services. The potentially affected personal data may include names, NRIC, contact details, educational qualifications and employment details.
2. Given the complexity of the investigations, it has taken time to make an impact assessment. We have worked with the utmost urgency with the vendor to ascertain the nature and extent of personal data that has been potentially affected. Together with the vendor, we have followed up immediately with mitigation measures to tighten the security of email and network systems and will be doing constant checks to monitor closely for any potential vulnerabilities. We are also reaching out to the potentially affected individuals via email/SMS/phone call to inform them about the incident and to provide support on how best to manage the potential risks involved.

e2i remains committed to ensuring personal data is kept safe and secure

3. “We are deeply sorry for the anxiety this data incident may bring to our clients. The protection of our clients’ personal data is of utmost importance to us. Though the malware did not target at e2i directly, cybersecurity threats are real and the protection of personal data is of top priority to us. e2i will be doing constant checks on both e2i’s as well as our vendor’s IT systems. Amid all these measures, I would like to assure that e2i’s operations, services and systems remain unaffected and job seekers can continue to seek employment and employability assistance with e2i,” said Mr Gilbert Tan, Chief Executive Officer of e2i.
4. We are alerting the potentially affected individuals to be vigilant on phishing attempts and monitor for any suspicious activities or requests. If they receive a suspicious email of such nature, or suspect a scam in the works, they may wish to file an online report with the Singapore Computer Emergency Response Team (SingCERT) at https://www.csa.gov.sg/singcert/resources/report-a-phishing-email, or they may also reach out to e2i.
5. For more information, please visit e2i website