Security incident involving IBM-managed cloud environment led to compromise of 70,000 people's data: SLA
About 70,000 people had their personal data compromised following unauthorised access to a Singapore Land Authority data set in an IBM-managed testing environment. SLA said live operational systems were not affected as investigations into the incident continue.

- Around 70,000 individuals had personal data exposed in an IBM-managed testing environment.
- SLA said operational systems and property records remain secure and were not compromised.
- Investigations are ongoing, with affected individuals being notified and authorities informed.
Personal data belonging to an estimated 70,000 people was compromised following a cybersecurity incident involving the Singapore Land Authority (SLA) and a cloud environment managed by its vendor, IBM.
In a media release issued on 3 July 2026, SLA said preliminary investigations indicated the incident involved unauthorised access to a data set created for vendor development and testing purposes.
SLA apologised for the concern and inconvenience caused by the incident.
Historical testing data exposed
According to SLA, IBM was appointed to support and maintain the Singapore Titles Automated Registration System (STARS) and eLodgment System (ELS), and managed the development and systems integration testing environment for both platforms.
SLA said the affected data set was created in 1998 and updated periodically over subsequent years. It was intended to contain only mock and anonymised testing data based on property ownership and lodgment records.
However, investigations found the data set also contained the names, NRIC numbers and former property addresses of an estimated 70,000 individuals.
"This information should have been anonymised but was not," SLA said, adding that investigations are ongoing to determine how this occurred.
Live operational systems unaffected
SLA stressed that the affected vendor-managed environment is separate from its operational systems.
It said there was no connection to, or compromise of, the live systems used for STARS, ELS or any other SLA systems. Property ownership and lodgment records within STARS and ELS remain secure and unaffected.
IBM has revoked access associated with the affected development and testing environment to prevent any further unauthorised access.
As a precaution, SLA has identified individuals whose information was contained in the affected data set and has begun notifying them. Those affected are also being advised on how they can seek further information and assistance.
SLA said it is working closely with IBM, the Government Technology Agency of Singapore and the Cyber Security Agency of Singapore to investigate the incident, establish the full facts and ensure the necessary remedial measures are taken.
The agency has also lodged a police report and notified the Personal Data Protection Commission.
As investigations continue, SLA urged members of the public to remain vigilant against phishing emails, fraudulent websites, text messages and telephone calls from parties claiming to represent government agencies or other organisations.








