SINGAPORE, Feb 18 — Raymond Tan, a Singaporean man in his forties, has been dealing with a string of issues after discovering that his home address was altered without his knowledge by scammers using the Immigration and Checkpoints Authority’s (ICA) online service.
His experience is part of a larger investigation involving 71 affected individuals whose personal information was tampered with, according to a report published in Channel News Asia today.
Tan first became aware of the issue on December 30, 2024, when purchasing travel insurance at the airport.
Using the MyInfo service, he noticed that his home address had been changed to an unfamiliar unit in Commonwealth Drive.
He immediately contacted Singpass, froze his account, and implemented additional security measures, including a video call for account reinstatement.
Despite this, he remained concerned about further unauthorised access to his personal information.
On January 11, ICA confirmed that scammers had exploited a vulnerability in its online service, allowing them to change residential addresses.
Tan’s Singpass account was suspended as part of the investigation.
While he understood the need for this precaution, he faced several disruptions, including the inability to complete time-sensitive tasks such as medical appointments for his domestic helper and legal appointments related to his father-in-law’s Lasting Power of Attorney.
To make matters worse, Tan discovered that his bank accounts at CIMB and OCBC had been put under review.
On January 27, he was unable to access his CIMB account, and just days later, OCBC flagged all his accounts for review.
Despite the stress of the situation, the biggest shock came on February 3, when OCBC sent letters notifying him that his accounts would be closed due to a “change in profile and/or activities.”
After pressing for an explanation, the bank reversed its decision a week later, deciding not to close his accounts.
OCBC and CIMB have both stated that account reviews are part of their risk management protocols to protect customers from fraud.
When accounts are flagged, they are temporarily suspended for further review.
The banks emphasised that such measures aim to prevent unauthorised activity and ensure the safety of their clients’ financial assets.
Authorities revealed that the scammers exploited an “Others” option in ICA’s address-change service, allowing them to change addresses via proxy.
The process involved a Singpass login, the applicant’s NRIC number, and a verification PIN mailed to the new address.
The scammers gained access to “relinquished” Singpass accounts, enabling them to impersonate victims and make unauthorised address changes.
Minister of State for Home Affairs, Sun Xueling, said that while the ICA service included safeguards, these were insufficient to prevent malicious actors from exploiting the system.
Tan suspects that his NRIC details were compromised through common practices, such as submitting photocopies for building entry or car purchases.
Although his banking issues have been resolved, Tan remains vigilant, still concerned about the security of his personal information.
He fears that the scammers may have accessed more than just his address and wonders about the extent of the potential misuse of his data.
“Until the incident happened, I don’t think anybody really thought that the IC’s date of issue is so important,” he said. “At this point, I feel quite helpless. It seems like there’s nothing much I can do.”
