A 29-year-old Traffic Police investigation officer in Singapore has received a 16-month jail sentence for systematically breaching security protocols at the Ministry of Home Affairs and disclosing sensitive information to a civilian associate. Shivasuria Maniam Kesaval's conviction marks a significant breach of public trust, highlighting the vulnerability of personal data when law enforcement officers weaponise their access privileges for personal gain.

The case centres on a misuse of authority that unfolded over weeks in mid-2022, demonstrating how personal relationships within the force can become channels for criminal conduct. Shivasuria was working as an investigation officer when he exploited his workplace credentials to conduct unauthorised searches on government computer systems, accessing confidential records that should have remained protected. The motivation was straightforward but deeply troubling: his friend Brayden Ong Ying Shan, 25, had been caught driving without a valid licence after a woman in a relationship with Ong reported him to police. Rather than accept the legal consequences, the two men devised a scheme to identify and intimidate the complainant.

The breakdown of events reveals the calculated nature of the misconduct. After Ong was stopped by two Traffic Police colleagues on July 12, 2022, following the tip-off about his unlicensed driving, he immediately contacted Shivasuria to inform him of the traffic stop. Between July 14 and July 26, the officer conducted multiple searches of government databases, retrieving the woman's personal details and accessing the original complaint she had filed. These actions directly violated the Official Secrets Act and constituted computer system misuse, offences for which Shivasuria was ultimately convicted on five counts combined.

What transformed this into a case involving intimidation and threats was Ong's subsequent behaviour. After learning from Shivasuria the timing of when the report was filed, Ong was able to deduce correctly that the woman was responsible for alerting authorities to his driving violation. He then contacted her directly with unmistakable menace, stating he would "murder" the person who had reported him and sending her a photograph of Shivasuria with the message that he had "a TP friend that is high ranking". The implication was chilling: Ong possessed connections within the police force and hinted that he could use those connections to target her family members as well, instructing her to provide names of relatives while suggesting Shivasuria could run checks on them.

The woman's response was to lodge a formal complaint in late July 2022, setting in motion the legal proceedings that would lead to Shivasuria's suspension in August that year. The case proceeded to trial, where the District Judge found both men guilty on multiple charges. Ong's conviction included criminal intimidation and a separate breach of the Official Secrets Act, though his culpability differs from Shivasuria's in that Ong was the perpetrator of the direct threats rather than the facilitator of the data breach.

A notable complication emerged during the sentencing phase. On July 2, when the court delivered its judgment, prosecutors revealed that Ong had already fled Singapore by boat on June 2, following his conviction but apparently before sentencing proceedings concluded. A warrant for his arrest has been issued, and a review hearing is scheduled for July 14 to address the fugitive status and determine next steps. His departure suggests he recognised the severity of potential custodial sentences and chose to abscond rather than face imprisonment in Singapore.

Shivasuria's case is particularly damning because it illustrates how law enforcement personnel can exploit their position to compromise the safety of ordinary citizens. The deputy public prosecutor sought a sentence of one year and seven months, arguing that Shivasuria had demonstrated no remorse for his actions. The judge ultimately imposed a slightly lighter sentence of one year and four months, though the distinction is minimal given the gravity of the breach.

For Malaysian observers, this case offers cautionary lessons about data security governance and the importance of robust oversight mechanisms within police organisations. Singapore's strict interpretation of official secrets violations and computer misuse reflects a zero-tolerance approach to misconduct by public servants, particularly those granted access to sensitive databases. The case underscores how quickly institutional safeguards can be circumvented when individual officers prioritise personal loyalty over professional duty.

The incident also demonstrates why systems must exist to audit and monitor data access by law enforcement personnel. Shivasuria conducted his searches over a two-week period, and the frequency and nature of his queries should have triggered automated alerts had proper monitoring been in place. The ability to cross-reference access logs with case files could potentially have identified anomalies earlier, preventing the threat situation from escalating.

Moreover, the case illustrates the collateral human cost of such breaches. The woman who filed the original traffic report found herself transformed from a witness to a threatened party, forced to involve police again and testify in proceedings against someone she had never directly wronged. Her act of civic responsibility—reporting unlicensed driving to authorities—exposed her to danger because a public servant exploited his access to retaliate on behalf of his friend.

Shivasuria represented himself during trial without legal representation and submitted written mitigation that was not read aloud in court, ultimately telling the judge he had nothing further to add. This absence of demonstrated remorse likely influenced the sentencing outcome. Had he shown genuine contrition and cooperation, the outcome might have differed, though the fundamental breach of trust would remain unchanged.

As Singapore and other regional governments grapple with cybersecurity and data protection frameworks, cases like this underscore that threats to sensitive information often originate from within institutions rather than external hackers. The most effective defences combine technical controls, rigorous monitoring, strict accountability measures, and a workplace culture that prioritises integrity over personal relationships.