The Coffee Meets Bagel example is useful precisely because it is non-threatening. A dating app pulling marital status and date of birth from government records via Singpass normalises a data collection pattern that, applied to higher-risk services, creates serious exposure. Marital status combined with NRIC and date of birth is enough to anchor a social engineering attack or bypass knowledge-based authentication at financial institutions. The harm model is not a breach of MyInfo itself but the aggregation of MyInfo-sourced data across the downstream applications that retain it.
The Coffee Meets Bagel example is useful precisely because it is non-threatening. A dating app pulling marital status and date of birth from government records via Singpass normalises a data collection pattern that, applied to higher-risk services, creates serious exposure. Marital status combined with NRIC and date of birth is enough to anchor a social engineering attack or bypass knowledge-based authentication at financial institutions. The harm model is not a breach of MyInfo itself but the aggregation of MyInfo-sourced data across the downstream applications that retain it.