SINGAPORE, Jan 15 — Seven individuals, including six men and one woman aged between 19 and 32, have been arrested for allegedly exploiting the Immigration and Checkpoints Authority’s (ICA) e-service to illegally change the registered home addresses of at least 30 victims.

This comes after ICA reported a surge in unauthorised attempts to modify addresses via the online service.

The agency initially suspended the service on January 11 after discovering 80 such attempts, 75 per cent of which were successful.

By January 13, ICA found that 87 attempts had been made, 69 of which were successful. These attempts involved gaining control of 17 Singpass accounts.

The police, with over 60 officers, launched an island-wide operation between January 11 and 13 to arrest the suspects.

According to The Straits Times, six of the suspects are being investigated under the Computer Misuse Act for the unlawful disclosure of access codes, while one faces charges related to the unlawful disclosure of passwords connected to Singpass.

Some individuals are also being probed by ICA for breaches under the National Registration Regulations, the report added.

The penalties for disclosing access codes can include imprisonment of up to three years, a fine up to S$10,000 (RM33,000), or both. Similarly, disclosing Singpass passwords can result in the same punishment.

ICA resumed the service yesterday after implementing stronger security measures, including mandatory face verification when logging in with Singpass.

However, the feature allowing users to change another person’s address remains disabled.

ICA said it is also working on measures to allow such changes by family members or proxies under safer conditions.

The agency is contacting the 87 affected individuals, notifying them of the attempted address changes. In cases where contact couldn’t be made by phone, house visits were conducted.

ICA is replacing the affected identity cards and restoring the correct addresses in its database. Additionally, Singpass accounts linked to the 87 cases have been reset or suspended.

ICA said it is working with GovTech to assist those whose Singpass accounts were compromised. Efforts are underway to identify and notify relevant agencies and companies, including banks and telecom providers, that may have been affected by these breaches.

The police warned the public against sharing Singpass account details and cautioned against fraudulent schemes promising quick money for using personal accounts.