Security Incident Involving an IBM-managed Cloud Environment
3 July 2026
The Singapore Land Authority (SLA) has been informed by IBM of a data security incident involving unauthorised access to an IBM-managed cloud environment. As the vendor appointed to support and maintain SLA’s Singapore Titles Automated Registration System (STARS) and eLodgment System (ELS), IBM managed the development and systems-integration testing environment for STARS and ELS.
2 Preliminary investigations indicate that there was unauthorised access to a data set created for the sole purpose of vendor development and testing. The data set was created in 1998 and updated periodically over the subsequent years. It was intended to contain only mock and anonymised testing data based on property ownership and lodgment records. However, SLA has since uncovered that it also contained the names, NRIC numbers, and then property addresses of an estimated 70,000 individuals. This information should have been anonymised but was not. Investigations are ongoing to determine how this occurred.
3 The affected environment managed by the vendor is distinct and separate from SLA’s operational systems. There is no connection or compromise to the live systems used for operations of STARS, ELS or any other SLA systems. Property ownership and lodgment records in STARS and ELS remain secure and unaffected.
4 IBM has revoked access associated with the affected development and testing environment to prevent any other unauthorised access.
5 As a precautionary measure, SLA has identified the individuals whose information was contained in the affected data set and has begun notifying them and advising them on how they can seek further information and assistance.
6 SLA is working closely with IBM, the Government Technology Agency of Singapore and the Cyber Security Agency of Singapore to investigate the incident, establish the full facts and ensure that the necessary remedial measures are taken. SLA has also lodged a police report and notified the Personal Data Protection Commission.
7 As investigations are on-going, we advise members of the public to remain vigilant against phishing emails, phishing websites, text messages, or telephone calls, from parties claiming to represent Government agencies or other organisations.
8 We apologise for the concern and inconvenience this incident may cause.
3 July 2026
Issued by
Singapore Land Authority
