‘Unsafe and risky': Singapore orders end to IC number use as authentication in private sector
SINGAPORE, June 26 – Singapore's Ministry of Digital Development and Information (MDDI) has reportedly urged private sector entities to stop using National Registration Identity Card (NRIC) numbers as authentication tools or passwords due to security risks.
In a formal advisory issued today, the Personal Data Protection Commission (PDPC) and the Cyber Security Agency (CSA) advised organisations to cease using NRIC numbers to verify an individual's identity when granting access to personal services or information.
'While organisations may use NRIC numbers to identify who a person is over the phone or when using digital services, NRIC numbers should not be used to prove that a person is who he claims to be ... for the purposes of trying to gain access to services or information meant only for that person,' MDDI said as quoted by CNA.
The ministry highlighted that some organisations still require individuals to use NRIC numbers, sometimes as passwords, to access personal documents such as insurance files.
'It is unsafe for organisations to use NRIC numbers in this manner because a person's NRIC number may be known to others, permitting anyone who knows his NRIC number to impersonate him and easily access his personal data or record,' the ministry said.
MDDI called on organisations to stop using full or partial NRIC numbers for authentication, including setting them as default passwords or combining them with other easily obtainable data like birth dates.
'If it is necessary to authenticate a person, organisations should consider alternative methods, for example requiring the person to use strong passwords, security token or fingerprint identification,' it added.
The government is working with key sectors such as finance, healthcare, and telecommunications to develop tailored guidelines on identity authentication practices.
This comes as Singapore's Minister for Digital Development and Information Josephine Teo said in January that firms using NRIC numbers as authentication or default passwords must end the practice swiftly.
The policy shift came after public backlash in December 2024 over a new Bizfile portal launched by the Accounting and Corporate Regulatory Authority (ACRA), which had exposed names and full NRIC numbers through its search function.
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Yahoo
an hour ago
- Yahoo
Singapore security firm rebuts viral claim staff face sack for not staying home while on sick leave
SINGAPORE, June 29 — Singapore security firm Certis has clarified that it does not dismiss employees simply for not being at home while on medical leave, after internal WhatsApp messages about its medical leave policy circulated online and drew public attention. The messages, which were first reported by Mothership on Friday, said that workers could receive a warning letter if they were found to be away from home during medical leave without a valid reason. 'If they are not at home, they should share their 'live' location or conduct a video call with their manager to ensure their safety and well-being,' one message allegedly read. Employees were also instructed to update their residential addresses to avoid potential disciplinary action, while another message encouraged officers to 'share their pinned location' if they were not at home. A warning within the messages noted that 'any non-compliance identified may result in disciplinary action, which could include termination'. In response to Channel News Asia's queries, Certis said yesterday that termination is not automatic and disciplinary steps are taken only in 'clear and substantiated cases of abuse of medical leave, after a fair and thorough process'. 'We do not terminate employees solely because employees are not at home when on medical leave,' the company reportedly said. It added that managers may check in on staff who are on medical leave — particularly those on extended leave — and that these visits may include 'small care gestures'. Certis also emphasised that it trusts the majority of its staff to use medical leave responsibly, but has put in safeguards to ensure the system is not abused. 'Certis holds our officers to high standards of professionalism and integrity,' the company said. 'We take a firm stance against any wilful breach of company policy and will not hesitate to take disciplinary action where warranted, as we fulfil our commitment towards partners, customers, and the community whom we strive to protect and safeguard.'
Associated Press
an hour ago
- Associated Press
Frequency Holdings YCRM Announces Addition of David Meltzer to Board of Directors, Joining Kevin Harrington to Accelerate Growth and Uplisting Strategy
With media reach, market insight, and founder-focused conviction, Meltzer strengthens Frequency's mission to build lasting value across cybersecurity, identity, and AI CHICAGO, IL - June 30, 2025 ( NEWMEDIAWIRE ) - Frequency Holdings Inc., formerly Yuengling's Ice Cream Corp. and ReachOut Technology (OTC: YCRM), is proud to announce the appointment of David Meltzer to its Board of Directors. Meltzer joins existing board member Kevin Harrington, original 'Shark' from ABC's Shark Tank, to support the company's strategic vision, national expansion, and trajectory toward a future uplisting. Meltzer is the Chairman of the Napoleon Hill Institute and formerly served as CEO of Leigh Steinberg Sports & Entertainment, the inspiration for Jerry Maguire. Meltzer is a globally recognized entrepreneur, speaker, and media personality with deep experience in scaling brands, growing equity value, and aligning businesses with bold, impact-driven visions. Meltzer has been featured on numerous platforms including Forbes and Bloomberg, and produces Entrepreneur's #1 business podcast The Playbook, which Rick Jordan has been a guest. Meltzer is widely known for his philanthropic work and business leadership, and brings extensive experience in technology, branding, and capital strategy. 'David brings wisdom, reach, and conviction to this board,' said Rick Jordan, CEO of Frequency Holdings and ReachOut. 'This isn't just about high-profile names, this is about building a board that drives strategy and signal. With David and Kevin, we have two of the most visible, trusted business builders in America aligned with what we're creating. That should send a strong signal to every investor watching.' The appointment marks a critical moment in Frequency's evolution. As the Company finalizes its transition into a holding company structure modeled after Berkshire Hathaway and Alphabet, it is assembling a board with media fluency, public company expertise, and long-term investor vision. Its flagship subsidiary, ReachOut, continues its cybersecurity-first roll-up strategy targeting high-margin technology MSPs in high-demand/low-competition U.S. markets. The Company is also launching new ventures, including TRUSTLESS, a decentralized identity and data security platform in which Frequency will maintain a significant equity stake. 'Rick Jordan is one of the clearest communicators and resilient leaders I've seen,' said David Meltzer. 'He leads with intent. He listens. And he's building something that transcends industry. I'm honored to help shape that vision.' The Company recently filed its name change to Frequency Holdings, Inc. with the State of Nevada and is awaiting FINRA approval for its ticker and symbol change. This move reflects a sharpened focus on becoming a multi-brand technology holding company, one that balances strategic M&A, operational efficiency, and visionary leadership. 'The board I am assembling isn't just governance, it's guidance,' added Jordan. 'I value mentorship and we're creating value across every layer--shareholder value, strategic clarity, and public trust. The addition of David in joining Kevin and Kingsley on the board send a clear message--Frequency is here to lead.' David Meltzer on Social Media: Instagram: @davidmeltzer X: @davidmeltzer Kevin Harrington on Social Media: Instagram: @realkevinharrington X: @harringtonkevin For booking media interviews, TV appearances, and speaking for Rick Jordan CEO, and Investor Relations Contact: Email: [email protected] - [email protected] Phone: 312-288-8008 About Frequency Holdings, Inc. (OTC: YCRM) Frequency Holdings is a modern holding company focused on high-growth ventures in cybersecurity, AI, digital identity, and IT infrastructure. Through its lead operating brand, ReachOut, Frequency is building the first nationally recognized name in cybersecurity-first IT services for SMBs. Additional holdings, including TRUSTLESS, are structured to contribute long-term equity value via independent growth and strategic alignment. About Rick Jordan Rick Jordan is a resilient entrepreneur, cybersecurity expert, and media personality known for leading companies through high-growth transformations. He founded ReachOut Technology and is the architect of Frequency Holdings Inc., a multi-brand technology holding company focused on scaling ventures in cybersecurity, digital identity, and AI. Rick has advised in the White House on national cyber policy, appeared on major networks including Bloomberg and NewsNation, and hosts the globally ranked podcast ALL IN with Rick Jordan, soon to be renamed FREQUENCY. His leadership bridges bold vision with operational precision, in addition to bringing clear signal and communication to the public markets. About Kevin Harrington Kevin Harrington is a globally recognized entrepreneur, original Shark on ABC's Shark Tank, and a pioneer of the infomercial industry. Over his career, he has launched more than 20 companies to over $100 million in sales and helped generate over $15 billion in market value, including his early leadership in Celsius Holdings, Inc. As a board member of Frequency Holdings Inc., Kevin brings deep strategic insight, brand-building expertise, and decades of experience scaling disruptive ventures into household names. About David Meltzer David Meltzer is Chairman of the Napoleon Hill Institute and former CEO of Leigh Steinberg Sports & Entertainment, the inspiration for Jerry Maguire. A globally recognized entrepreneur, investor, and business coach, he's been named Variety's Sports Humanitarian of the Year and is a recipient of the Ellis Island Medal of Honor. As Executive Producer of Apple TV's 2 Minute Drill and Office Hours, and Entrepreneur's top digital show Elevator Pitch, David brings media fluency and business expertise to global audiences. His mission--to empower over 1 billion people to be happy--drives his work across coaching, content, and leadership. Forward-Looking Statements This press release contains forward-looking statements regarding future events, performance, and financial expectations. These statements are based on current beliefs and assumptions, and are subject to risks and uncertainties--many of which are beyond the Company's control--that could cause actual results to differ materially from those projected. Factors that may affect results include the Company's need for capital, changes in regulatory environments, market competition, demand for services, and other risks detailed in the Company's filings with the Securities and Exchange Commission at Forward-looking statements speak only as of the date made, and the Company undertakes no obligation to update them except as required by law. View the original release on
Forbes
an hour ago
- Forbes
Understanding The Challenges Of Cybersecurity Threat Readiness
Alex Lanstein is the CTO of StrikeReady, pioneering unified AI-powered Security Command Center solutions for Security Operations Centers. The importance of keeping an organization's data safe can't be overstated. According to Thomson Reuters, just one data breach can cost a company millions—with no sign of that cost decreasing. Effective threat readiness helps reduce the risk of falling victim to cybercriminals and paying a staggering sums to address the damage. But before security operations center (SOC) analysts can prevent attacks, organizations must first understand the core challenges to becoming truly threat-ready. Common Threat Readiness Challenges Threat readiness means being able to identify, prepare for and respond to cybersecurity threats. While all organizations should be concerned, there's no one-size-fits-all approach to staying secure. It's critical to develop methodologies tailored to each organization's specific needs and security landscape. The first challenge in becoming threat-ready is identifying which threats matter the most. It's unrealistic to try to combat every attacker, every time. An intel-driven approach can help focus resources on high-priority threats—but leaders need to determine which ones are worth the focus. Simulation scenarios must be relevant to a company's sector and geography. Threat actors often target based on industry, region or past vulnerability. For instance, an attacker focused solely on Sri Lanka, Bangladesh and Pakistan is likely irrelevant to a Texas-based tax software company. SOC teams should also track which threat groups have targeted them in the past. Getting breached once is forgivable—but being breached twice by the same actor can have serious professional consequences. By building profiles of likely attackers, cybersecurity teams can define the relevant actors, tactics and motivations, then design defenses that address them. While it may feel safer to respond to every threat, doing so wastes time and resources. Unless your organization has infinite budget, it's better to focus than overreact. 'Plumbing' refers to the behind-the-scenes effort of filtering, applying and managing security data effectively. SOCs are innundated with information—thousands of indicators, alerts and threat group signatures. Without good plumbing, teams can drown in a flood of false positives or irrelevant data. Improper filtering can not only trigger irrelevant alerts, it can also cause outages in network or endpoint infrastructure—potentially obscuring real threats amid the noise. Blocking threats is a central goal, but automating this action introduces risk. Automatically blocking infrastructure based on threat intelligence may inadvertently disrupt employee access to legitimate applications. For example, some threat actors use trusted services—like obscure file-sharing platforms or even Google Calendar—for command and control. APT41 has used this exact tactic. If you block infrastructure flagged in threat intel without vetting, the outages you cause could be worse than the threats themselves. Confidentiality is a cornerstone of effective threat readiness—but it's harder to maintain when integrating AI into workflows. AI can help analysts manage large volumes of data, but feeding sensitive information into third-party systems raises privacy concerns. Organizations should be cautious when uploading alert data into AI platforms like OpenAI or Google Gemini. These companies have legitimate access to user input, and while their analysts are skilled professionals, they openly publish threat intel on their public blogs—indicating that customer data may be actively reviewed. When a data breach is suspected, especially in regulated industries, SOCs must act quickly—while also following strict protocols. Investigations need to be trackable and auditable to ensure clarity later. If an analyst investigates a breach involving a senior executive, they must document every step. Without clear records, actions like pulling files or accessing email accounts can raise internal or legal concerns and may reduce trust in future automation. Getting Ahead Of The Threat Curve Navigating threat readiness challenges requires a strategic blend of human expertise, actionable intelligence and smart automation. Rather than adopting generic security frameworks, companies should build comprehensive, adaptable programs that reflect their unique threat landscape and operational priorities. Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?
