SINGAPORE: The findings of the government review panel on the Accounting and Corporate Regulatory Authority’s (ACRA) NRIC disclosure saga have triggered strong reactions online, with Reddit users voicing frustration over what they perceive as a lack of accountability.
On Tuesday (4 Mar), a Reddit discussion on r/SingaporeRaw gained traction after a comic strip titled “Miscommunication” was posted to highlight the review’s conclusion that the incident was due to miscommunication and coordination lapses, rather than deliberate wrongdoing.
The thread quickly became a platform for Singaporeans to express scepticism towards the government’s assessment of the issue.
Many users criticised the authorities’ handling of the situation, particularly over security lapses, a perceived lack of accountability, and the “no blame culture” approach taken in the review’s conclusion.
ACRA NRIC Disclosure Saga
The controversy arose when it was discovered that full NRIC numbers were being publicly displayed on ACRA’s Bizfile portal due to a misinterpretation of an internal policy directive issued by the Ministry of Digital Development and Information (MDDI) in July 2024.
The directive was intended to phase out the use of masked NRIC numbers in internal government systems, but ACRA mistakenly applied it to its public-facing portal.
Email exchanges between ACRA and MDDI failed to clarify the directive’s intent.
While MDDI used the term “unmasking” as shorthand for discontinuing the use of masked numbers internally, ACRA misinterpreted it as a requirement to display full NRIC numbers publicly.
As a result, when ACRA launched its new Bizfile portal on 9 December 2024, the People Search function inadvertently exposed full NRIC numbers.
The issue sparked public outcry, particularly after former journalist Bertha Henson highlighted it on 12 December. The search function was disabled the following evening.
In response, a government review panel, led by head of civil service Leo Yip, was formed to investigate the matter.
The panel’s report, submitted to Senior Minister Teo Chee Hean on 25 February 2025 and approved for public release by Prime Minister Lawrence Wong on 27 February, concluded that the incident resulted from miscommunication and coordination lapses rather than deliberate wrongdoing.
However, the review identified several shortcomings in how both ACRA and MDDI handled the situation. It found that the policy directive was unclear, security implications were not fully considered, and critical safeguards, such as CAPTCHA, were not implemented.
This lack of protection made it easier for automated programs to extract data. Over 500,000 searches were recorded between 9 and 13 December before the function was disabled, far exceeding normal daily traffic levels.
Sarcasm on the “No Blame Culture” Approach
The government’s “no blame culture” approach in handling the saga drew sarcastic reactions from users, who saw it as a way to avoid accountability.
One user remarked that no one had asked for an apology and mocked the rhetoric, suggesting that people should try using such phrases when their own bosses scold them.
Another user echoed this sentiment, stating, “No blame culture, please, let’s move on.”
Concerns Over Data Security and Lack of Action
Beyond the miscommunication, users also raised concerns over the government’s failure to detect and respond to the mass data exposure in a timely manner.
One user questioned how 500,000 searches were conducted in just five days, suggesting that some individuals had been actively collecting data.
They also criticised the authorities for not detecting the unusually high traffic and taking action sooner.
Another user pointed out that bots had likely scraped the entire database before the government even noticed the breach.
Expressing frustration, the user highlighted the irony of the government constantly warning the public about data protection and scams, only to allow such an amateur mistake to happen on an official platform.
Lack of Accountability
The lack of accountability in the government’s response was another major point of contention.
One user was unsurprised by the issue, noting that communication problems were common in ministries and that any civil servant would confirm this.
One user questioned how mistakes made by the authorities were deemed “honest”, while others faced harsher consequences for similar errors, suggesting that those in power controlled the narrative.
Another user echoed this sentiment, sarcastically remarking that while the government applied an “ownself check ownself” approach, mistakes by others were not excused in the same way.
Others were more direct in their criticism, with one user simply stating, “Zero accountability.”
Another user took issue with the continued collection of high salaries and bonuses by government officials without proper oversight.
They called for Josephine to resign and demanded that salaries be deducted and recouped as a consequence of what they described as a glaring and outrageous blunder.
The post Miscommunication, not wrongdoing? Reddit users react to ACRA NRIC data leak review appeared first on The Online Citizen.
