Massive HIV Data Leak; No Closure Yet!

Singapore: Finally the authorities have come up with some background details as to the circumstances that led to 14,200 people’s personal details along with their HIV status leakage.

The lingering questions, ever since the data was compromised have been intriguing. Such as, the reason behind not making it public in May 2016 when it was known that the information was in wrong hands?

According to a recent media briefing the Permanent Secretary of Health, cited that the ministry of health did wasn’t sure as to the whether the news’ being public was in the interest of the citizens.

They did mention though that they will take conservative measures and better approaches now that they know the persons in registry have concerns regarding a public announcement.

It’s disturbing that years after the incident took place no one knows why the data still remained with the unauthorized people.

According to sources, the Ministry of Health had lodged a police report in May 2016 after finding out that Mikhy Farrerra Brochez was in custody of the leaked information from the HIV registry.

After, the properties owned by Brochez and his partner Ler Teck Siang were searched by the police officials and all pertinent material found was seized.

Even after that Brochez managed to keep some information back and in turn leaked it later on. The Permanent Secretary of Health voiced that the police should have had a better search.

It was later in May 2018 when the people whose information as in the “unauthorized” hands were informed a\bout the entire leakage scenario.

In May 2018 the police found out that Brochez had managed to hold some records back which was a month after Brochez completed serving his jail sentence for other offenses and was deported from Singapore.

There is no way of knowing though, that how many people were informed that their persona details were in wrong hands.

MOH lodged a police report and had contacted the concerned individuals. The number of people was very small according to PSH Mr. Chan.

Where Brochez was deported to is still under wraps and the immigration department couldn’t share the details due to confidentiality concerns.

He is known to have arrived in the Kentucky state of the US. There’s no knowing if he’s being monitored, the sources said.

He had called at his mother’s house despite being warned to stay away and that’s when she informed the police about it.

After he refused to leave he was taken into custody and was charged. He has been asked to return to the district to face criminal trespass.

The Singapore police force is reportedly taking help of their foreign counterpart but didn’t mention which organizations or countries.

Brochez’s partner was charged with the Official Secrets Act for “failing to retain the possession of a thumb drive” containing data from the leak but was stood down and there is no answer as to why that happened.

According to Article 35(8) the AG gets a wide discretion as public prosecutor in the conduct of criminal proceedings. The prosecution “is not required to give reasons for why they decide to proceed with certain charges and not others”.

Another question that has yet to be addressed is how was the access to the confidential information disabled? We do know that the MOH had worked with “relevant parties” to disable the access.

Stolen information of such sorts is uploaded on various hack forums and file sharing sites such as “Pastebin” and “Mega” and is commonly hosted on web servers overseas.

If taking down a web domain. It could be done on a registrar level. Domain registrars are company people who create websites. But taking down a website can’t totally solve the problem.

Because once, data is on the dark web it’s almost irretrievable. As it could be copied or distributed across quite easily.

Absolutely different from the internet the commoners use, the Dark Web is “unregulated and decentralized and has no point of authority or disabling access to anything.