Parliament Sitting on 1 February 2021


47. Miss Cheryl Chan Wei Ling:
To ask the Minister for Communications and Information whether the Ministry will consider (i) legally requiring social media platforms to inform its users that their account has been hacked or that an attempt has been made (ii) providing a channel for companies to report such acts and (iii) legally requiring social media platforms to maintain an office to respond to reports filed by the victims.


1. Mitigating cybersecurity and data security risks on social media platforms is the collective responsibility of the Government, social media companies and individual users. 

2. Users, including companies, may file a report to the Police if their social media accounts have been hacked. Depending on the facts and circumstances of the case, the Police may commence investigation if an offence is disclosed under the Computer Misuse Act or other relevant laws. 

3. For significant data breaches, the Government has introduced further safeguards under the recently amended Personal Data Protection Act (PDPA). If the exfiltration of personal data arising from the hacking of social media accounts results in significant harm to the users, the organisation responsible for this platform must notify both the Personal Data Protection Commission and affected individuals. In addition, the PDPA requires all organisations, including social media companies, to appoint a Data Protection Officer whose role includes responding to public enquires and complaints.

4. The major social media platforms also provide a channel for users to report to them suspected hacking incidents. Actions that could be taken by the platforms include removing suspicious messages from hacked accounts and assisting affected users in recovering their accounts. In addition, these platforms have mechanisms to notify users of unusual attempts to log into their accounts. All social media platforms should consider putting in place such measures, if they have not already done so.

5. Users of social media platforms should also take steps to protect themselves. They should immediately change their password and notify their contacts, if they realise or suspect that their accounts have been hacked. This way, their contacts could take the necessary precautions, such as not clicking on messages or posts which may contain malware or phishing links. To keep their online accounts secure, users are strongly encouraged to practise good cyber hygiene at all times. For example, they should set strong passwords, use a unique password for each account, and activate two-factor authentication.

6. The Government is committed to working with all stakeholders to protect our citizens in the digital space, and will continue to review our laws and other measures to do so. 

Speech by Mrs Josephine Teo, Minister of Communications and Information, at the Global Technology Summit on 1 December 2022 Speeches Personal Data, Others, Cyber Security 01 Dec 22
MCI Response to PQ on Collection of NRIC and Personally Identifiable Information by Security Officers at Commercial and Private Residential Facilities Parliament QAs Personal Data, Others 30 Nov 22
MCI Response to PQ on Measures in Place to Safeguard Privacy and Data of Users against Illegal Tracking by Tech Companies Parliament QAs Personal Data 28 Nov 22
MCI Response to PQ on Publishing Unedited Submissions from Individuals and Industry Players in Public Consultations on Proposed Legislation Parliament QAs Others, Public Comms, Personal Data 28 Nov 22
Speech by Mr Tan Kiat How, Senior Minister of State, Ministry of Communications and Information, at SGTech Global Future Series: Digital Trust Forum on 28 October 2022 Speeches Infocomm Media, Personal Data 28 Oct 22
Speech by Mrs Josephine Teo, Minister for Communications and Information, at The Singapore Computer Society (SCS) Tech3 Forum on 26 Aug 2022 Speeches Others, Cyber Security, Personal Data 26 Aug 22