Govt intends to stop masking NRIC numbers, says there is not 'much value in doing so'

[ninjaghost]

social engineering technique can make good used of this information.
i can provide scenario like:
crawlers can even write a script to do interval crawling without using same ip addr if they able to identify and target all the high value victim. Even they didn't process any further malicious actions, they can even selling the high net worth target list in black market.

important anot i'm not sure, this is for you to judge.

 

[PaboJames]

My login ID is my company email. If you assume a person's company email to be his login ID, I think you will be right half the time.

That is why many companies issues different IDs from their staff ID, surname and emails for system logins

unless they are going to change how we login to Singpass.... that one is a potential problem

 

[LemonSalmon]

Can close down PDPA liao ijjit?

 

[ckling]

NRIC is like address, last time even got yellow pages publish all phone number

 

[yeenfei]

NRIC is like address, last time even got yellow pages publish all phone number

Last time can trade slaves somemore

 

[Water Bottle]

LW & LHL IC几号?

 

[Philipkee]

NRIC is like address, last time even got yellow pages publish all phone number

Yes. But last time it’s not so easy to do so much harm with basic info. Like last time you can get name phone number address from yellow pages but you are not going to be able to cancel bank accounts with just this info over the phone or online

 

[Mr BBFA]

last time we used to fill in nric no on lucky draw form from ntuc, gaint.....etc.

then one day govt said cannot.

now can again.

https://mothership.sg/2024/12/singa...VNUdPmpzMfs1M7DRvw_aem_dWK9Ehqs4815Yle6dOC7YQ

Sure, for a start all the gov official post their own NRIC on social media since there is not much value

 

[gregory_choo]

They mess up. Now how bank verify us on phone?

ask for your 小三 name

 

[icezombie]

Sure, for a start all the gov official post their own NRIC on social media since there is not much value

Start with PM and all the tiktoker jlb Ministars.

 

[Blacky]

There must be a strong reason why pdpa covered NRIC numbers as confidential info to begin with.

why now U-turn?

because some ex-reporter found a huge breach in one of Govt agency, so in order not to impeach themselves, just change some rules to make it not at fault?

noticed anywhere the minister heads, sure have huge saga?

Perhaps after the online posts about this issue, they had to come out with some fire-fighting excuse.

But this makes them look very bad....All this while advising people how to avoid scams etc, but yet they are planning to go ahead with this

 

[Not.banned.yet]

Anyone tried? Is Lky one 0000002, and YbI 0000001?

Or too long ago, data not found.

 

[deathan9el]

so .. then how now?
usually there's a need to fill in our IC no. but for the last 3 numbers & the alphabet?

e.g SXXXX123A

 

[TopGun]

That is why many companies issues different IDs from their staff ID, surname and emails for system logins

unless they are going to change how we login to Singpass.... that one is a potential problem

Login ID is not confi but password is. And 2FA is needed as a 2nd level of authentication. Login ID is never assumed to be confi, and given that it's typed out in clear text.

I don't see an issue with Singpass. There's facial recognition when one is setting up the app. For direct login, there's password and then lockout after 3 or 5 wrong attempts.

 

[I_am_bored]

To those who kept saying " last time is ok to reveal etc", well, last time we didn't have so many channels or contact points for scammers to exploit.

Also, it's not possible to wipe out savings of victims last time digitally.

 

[daylight]

so now nric no need pdpa

 

[boredom2012]

Those want revenge better call bank to cancel those who you hate atm and credit card

 

[PaboJames]

Login ID is not confi but password is. And 2FA is needed as a 2nd level of authentication. Login ID is never assumed to be confi, and given that it's typed out in clear text.

I don't see an issue with Singpass. There's facial recognition when one is setting up the app. For direct login, there's password and then lockout after 3 or 5 wrong attempts.

Having your ID exposed already helped in the first step.
Not everyone uses facial authentication on Singpass... quite a big portion don't

maybe other pranks like the previous thread about some guy kpkb all card got cancelled while he is in japan

 

[Mystyque]

https://mothership.sg/2024/12/singa...VNUdPmpzMfs1M7DRvw_aem_dWK9Ehqs4815Yle6dOC7YQ

because leaked until black hole liao so no point considering it as private anymore?

 

[testart]

2FA?

Username + Password + Phone OTP.

Sure scammers can still make boomer download app on their phone and willingly handover username and password, but better than nothing...

NRIC should not be used for authentication/verification to start with. Identification yes.

NRIC has not been kept private since inception and this allows scammers to exploit a broken system. So the way forward is to drop NRIC as a way to authenticate/verify a person's identify.

Yes. Like google username and bank user ID

no need NRIC