The Singapore Democratic Party (SDP) has called for the Ministry of Digital Development and Information (MDDI) to release the circular that allegedly led to the recent unmasking of full NRIC numbers on ACRA’s Bizfile portal.
In a statement released on 21 December 2024, the SDP underscored the serious legal and security implications of the incident, which it described as a significant lapse in government accountability.
The controversy erupted on 9 December, when the updated Bizfile portal allowed public searches that revealed full NRIC numbers associated with business entities. The issue came to public attention on 12 December, after former Straits Times editor Bertha Henson highlighted it in a Facebook post.
While MDDI and the Accounting and Corporate Regulatory Authority (ACRA) have blamed a misunderstanding of a July 2024 circular, the SDP insists that the matter must not remain an internal review between the two agencies.
“This incident has serious security and legal implications,” SDP stated. “It is wholly inadequate and unacceptable for Ministers Teo and Indranee to issue an apology and make vague promises to do better in the future.”
The party pointed to the Personal Data Protection Commission’s (PDPC) guidance, which highlights that NRIC numbers are permanent identifiers and their improper use poses significant risks.
Past cases have seen organisations penalised for mishandling such data, yet the unmasking of NRIC numbers in this instance has been attributed only to poor inter-agency communication.
ACRA Chief Executive Chia-Tern Huey Min acknowledged the misstep but clarified that ACRA had sought clarification from MDDI about the circular’s scope and timeline.
“Communications between the two agencies were not sufficiently clear,” she said during a 19 December press conference.
Minister for Digital Development and Information Josephine Teo admitted to the public’s anxiety caused by the incident, issuing an apology but maintaining that NRICs, as unique identifiers, cannot be treated as confidential.
SDP highlights implications for security and trust
The SDP warned of the potential misuse of NRIC numbers by criminals, especially given Singapore’s reputation as a hotspot for fraud and scams.
A recent study by the Global Anti-Scam Alliance and ScamAdviser revealed that Singaporean victims lose more money on average to scams than those in other countries. SDP argued that the incident has heightened the risk of identity theft and fraud.
“The danger of such information being used by criminals cannot be overemphasised,” SDP stated. “This fiasco is almost certain to add to that vulnerability and further damage the country’s reputation.”
The SDP criticised Ministers Josephine Teo and Indranee Rajah for taking more than a week to address the issue publicly.
The party alleged that their absence demonstrated a lack of leadership, leaving subordinates to face public criticism. “This is not the kind of leadership Singaporeans deserve,” the party stated, calling the delay “unacceptable.”
In its statement, the SDP drew attention to what it described as a pattern of mismanagement and lapses under the ruling People’s Action Party (PAP).
These include the 2018 SingHealth data breach, which compromised the personal data of 1.5 million patients; the 2021 Singtel cybersecurity breach; and revelations that police accessed TraceTogether data despite earlier assurances of limited use.
“These are just some examples of how incompetent leadership, demonstrated by PAP Ministers, has affected Singaporeans and eroded their trust in the government,” the SDP said.
Calls for full disclosure
The SDP demanded the release of the July 2024 circular and all related correspondence between MDDI and ACRA to clarify how the lapse occurred. The party argued that the public has a right to know what led to the unmasking of sensitive data and who should be held accountable.
“As public servants, members of the government and civil service are answerable to the people of this country,” SDP stated. “They must hold themselves accountable in a manner that reflects their duty of care to uphold the social contract for the good of Singapore.”
The SDP also criticised the government’s handling of past crises, stating that the unmasking controversy is the latest in a long list of failures that have eroded public trust. The party reiterated its demand for transparency, stating that only full disclosure of the circular and communications could ensure accountability and restore confidence.
ACRA has since disabled the “People” search function on the Bizfile portal, with plans to relaunch the feature without NRIC numbers in the week of 23 December. Meanwhile, MDDI and ACRA have promised enhanced coordination to prevent future lapses.
Despite these assurances, the SDP insists that more must be done. “The public must be informed of what went on and who is to be ultimately held accountable,” the party stated. “Singaporeans deserve better.”