Photography by Benjamin Lim.

In the heart of the CBD where business folks commute in the midday sun, a familiar face walks around collecting discarded cardboard or old furniture. His lorry is parked near cafes that serve coffee priced at more than five dollars a cup, a luxury he will probably never afford in his lifetime. In the meantime, while every security expert seems to be looking into the abyss of cyberspace for the next big phishing attack or security breach, this old rag and bone man, more locally known as the ‘karanguni’, could be holding one of the keys to solving some of the data breaches that have been plaguing our nation.

View photos

If you’ve ever experienced one of those annoying phone scams where some guy with a Mainland Chinese accent asks you to verify your ID or they would kill a random relative, brace yourself for more. By now, you’d already know that Singapore had its largest data breach courtesy of our friends at SingHealth, where a whopping 1.5 million patients have had personal details such as NRIC numbers, addresses and dates of birth illegally accessed.

If you’re thinking there’s nothing anyone can really do with just your NRIC number, read this article that was just published in relation to the Singhealth data breach: ‘Hackers searched for PM’s records using his NRIC number’.

And this is just the tip of the iceberg.

Everyday on the news, you’ll come across stories of some data breach that occurred in Singapore or overseas. Yet not all of these breaches are linked to cyberattacks. (Read about the biggest physical data breaches in 2016 here.)

According to a report that was published in The Straits Times two years ago, unshredded paper documents from UOB bank were found around the Boat Quay area. Contained in them was confidential customer data such as “corporate statements, loan applications, and internal reports from the bank”.

In summary, UOB said in its statement that they ‘concluded their investigation on the matter’. How convenient.

While it’s been two years since UOB and the other banks apparently cleaned up their acts, I decided to take a walk around the CBD anyway to see if I could find any more occurrences of unshredded paper documents containing private information. And I wasn’t disappointed.

Story continues