The GEPF experienced a security breach and the compromise of personal information held on the GPAA systems and records between February and March 2024. Data subjects were notified of the security breach and potential compromise of personal information on 20 March 2024.

The GPAA immediately shut down all its systems and initiated its Cyber Incident and Response Plan to mitigate the damage at the time of the security compromise. As a result, the compromise of personal information was isolated and curtailed. The GPAA initiated an investigation into the cause and extent of the security breach and committed to providing updates/outcomes of the investigation as soon as practically possible.

Although the investigation is still ongoing, the assessment recently revealed a compromise of personal information of a number of data subjects. The extent of the compromise of personal information is still being investigated and will be communicated on the conclusion of the investigation.

The GPAA has put various additional control measures in place to strengthen the security safeguards on its systems since the incident. The GPAA is working with security agencies to strengthen control measures and avoid future reoccurrences.

The GEPF and GPAA recognises the importance of safeguarding personal information and is working actively to prevent any recurrence of security compromises on the GEPF and GPAA systems.

We apologise for any inconvenience caused and assure you that every reasonable step has been taken to ensure that all GPAA systems and platforms are safe and protected from unauthorised and unlawful access.

The security compromise was reported to the relevant authorities, entities and regulators for further investigations, support and transparency.