Residents across Singapore are raising concerns about a persistent and unnerving problem: photographs uploaded to government and commercial digital platforms are being replaced by duplicate or mismatched images belonging to other users. Reports have surfaced from Tampines, Jurong West and Toa Payoh, with affected individuals describing confusion, distress and, in several cases, delays to essential services.
The issue has sharpened focus on Singapore's rapid digitisation push. As the Smart Nation initiative has moved more civic services online — from HDB flat applications and CPF submissions to healthcare appointments under HealthHub — the volume of images and identity documents processed daily has grown significantly. Even minor errors in image-handling pipelines can affect thousands of accounts before they are caught.
What residents are experiencing
One Tampines resident, who asked not to be identified by name, described logging into her HDB resale portal account in late June 2026 and finding a photograph of an unfamiliar middle-aged man displayed in her profile. She had uploaded her own NRIC photograph when registering two years earlier. Another resident from Jurong West reported a similar incident involving a property agent profile on a major property listing site, where his headshot had been replaced by an image he did not recognise. A third case, described by a member of a Toa Payoh residents' WhatsApp group, involved a childcare centre's parent-facing app showing the wrong child's photograph against a sibling's pick-up record.
These accounts, shared in community forums and neighbourhood Facebook groups including the active Tampines Residents' Corner page, suggest the problem is not isolated to a single platform. It touches multiple layers of Singapore's digital infrastructure — government portals, private PropTech services and third-party education apps that authenticate users partly through uploaded images.
The Consumer Association of Singapore (CASE) and the Personal Data Protection Commission (PDPC) both handle complaints relating to mishandling of personal data, including photographic records. Under Singapore's Personal Data Protection Act 2012, organisations are required to protect personal data from unauthorised access, disclosure or misuse. Affected residents can file complaints directly with the PDPC, which maintains an online portal for such reports.
Why image deduplication failures happen
Technology professionals familiar with Singapore's public sector infrastructure, speaking in general terms, point to a common underlying cause: deduplication algorithms used to manage storage costs can, if misconfigured, map one user's image file to another user's account when the files share similar hash values or metadata. The problem tends to surface after system migrations or storage optimisation cycles — precisely the kind of backend work that has accompanied Singapore's ongoing push to consolidate government digital services under the Singpass app ecosystem and the associated MyInfo profile framework.
The PDPC reported receiving 156 data breach notifications in 2023 alone, the most recent full-year figure publicly available, with a significant proportion involving personal data stored on web and mobile platforms. While not all involved images, the figure underlines how frequently data handling errors occur even within Singapore's tightly regulated digital environment.
GovTech Singapore, which manages core government digital infrastructure including the Singpass platform, has not publicly commented on the specific image-replacement reports circulating in community channels. Residents who believe their profile images have been affected are advised to file a report through the Singpass app's built-in feedback function or email the PDPC at pdpc_complaints@pdpc.gov.sg.
For residents dealing with the immediate practical fallout — a property transaction stalled, a childcare pick-up delayed — the advice from digital rights advocates familiar with Singapore's system is straightforward: take a timestamped screenshot of the incorrect image as evidence, notify the platform operator in writing within 48 hours to trigger their mandatory response obligations under PDPA, and simultaneously file a parallel report with the PDPC. The commission has the authority to direct organisations to correct errors and, where warranted, impose financial penalties. Residents should not delete or alter any account settings until they receive written confirmation that their original image has been restored.