In a joint statement, the Ministry of Manpower (MOM) and the Infocomm Development Authority (IDA) confirmed three hacked SingPass accounts were used to create six fraudulent work pass applications.
The three accounts were part of 1,560 compromised SingPass accounts discovered in June. Both matters have been referred to the local police.
MOM said the counterfeit work passes were immediately cancelled, and the Ministry “has also put in place additional measures to strengthen and further safeguard its work pass transactions”.
Both bodies encouraged SingPass users to improve their passwords by using one which is alphanumeric, contains eight to 24 characters, and preferably includes capital letters and symbols.
The IDA announced it is also enhancing the SingPass system, which is expected to be ready in Q3 2015.
“It is also looking in allowing users to set their own user names in the enhanced SingPass system, instead of using NRIC numbers,” the press release said.
“IDA will introduce further measures such as a second-factor authentication (2FA) for e-government transactions, particularly for those involving sensitive data.”