Singapore: Issued ruling Personal Data Protection Commission Investigation into Payroll2U for failing to protect clients' personal data

On 22 April 2024, the Singapore Personal Data Protection Commission ruled in an investigation against the payroll service provider Payroll2U. Personal information of the company's clients, such as bank account numbers, salary information, addresses, and days of birth were leaked to a ransomware site. It was found that the company failed to implement reasonable access control, and stored information on unsecured internal shared drives. The Commission stated that access should be restricted, and fined Payroll2U SGD 4'000.