The database system for Nanyang Polytechnic's (NYP) former students was compromised, and bank details were stolen, according to the school.
About 240 former students, mostly from its 1994 to 1999 batches, were affected by the breach, and NYP issued a letter to inform them of the incident on Feb 5. The hacker had "accessed the system through a security loophole in one of the programmes" in the database, a school spokesperson said, citing investigation findings following the incident.
The spokesperson added the school learnt of a possible "unauthorised access" into its system late on Jan 14, and a thorough investigation was conducted the next day before a police report was made.
The information stolen was "in the form of student admission numbers and names and numbers of bank accounts linked to a limited number of former students for GIRO payment of their school fees", the spokesperson said.
According to a report by Straits Times, the letter sent by NYP said the school managed to delete the information from the website that carried the leaked information. It is not known which website it was, it added.
"Following the incident, a series of thorough investigations, including a vulnerability scan of our system, has been conducted and the loophole patched. No other systems have been compromised. We have also checked through our internal system logs and determined that this was the only data that was leaked," the school said.
NYP said it is working with a forensics firm to conduct an independent investigation and vulnerability scan, so as to look into how its processes and systems can be strengthened.
"We will continue to monitor the situation and take the necessary steps to prevent a similar incident from happening again," the spokesperson said. "We regret the incident and the inconvenience it may have caused to our former students."