The watchdog said on Tuesday that MBS had admitted to breaching the Protection Obligation under the Personal Data Protection Act (PDPA) when it failed to take reasonable security measures during a large-scale software migration exercise in March 2023.
The exercise involved migrating old software to new software. This included all applications that are accessible via the Application Programming Interfaces (APIs) and their respective identifiers, which had to be migrated accordingly.
According to an advisory published by the Cyber Security Agency of Singapore (CSA) in October 2022, an API facilitates service communications between two or more apps and perform a vital role as they provide flexibility by simplifying software design, administration and use.
However, they are also the most commonly exposed component of a system and thus have to be secured against attacks.Â
