Customers of consumer electronics retailer Audio House may have had their personal details such as names and contact numbers stolen by a hacking group that had allegedly hacked furniture retailer Vhive.
In an e-mail to customers yesterday, Audio House said it was told on Monday that hacking group Altdos might have gained unauthorised entry into its servers.
The group claimed to have accessed the retailer's membership database, stolen information from it and used the data to blackmail Audio House, the retailer added.
The company is now working with the police and other authorities, as well as a team of Web experts, to ascertain if its servers had been breached and to what extent.
The police confirmed a report was lodged and they are investigating the matter.
Audio House told The Straits Times that its database contains the information of about 180,000 customers, adding that Altdos had threatened the company through e-mails, which it has not responded to.
It said Altdos had used fear tactics to pressure the company to pay the group, and may use Audio House as a case study to blackmail other firms in future.
In previous hacking incidents, Altdos, operating mainly in South-east Asia, stole customer data from companies, blackmailed the compromised firms, leaked the data online when their demands were not met, and publicised the breaches.
In the Audio House breach, the data that could have been stolen included members' names, e-mail addresses, home delivery addresses, contact numbers, credits they have with the company, and members' past sales transaction records.
Audio House said all customer payment details and credit card information are handled by a third-party payment gateway, so no credit card information was stored or possibly breached.
"All our members' eCashback and credits are safely stored with us, and you will still be able to use them in your purchases with us," the firm said.
The retailer added that it had strengthened its firewall and system's security after the incident, and had suspended its website temporarily to conduct more tests and the firewall upgrade.
Apologising for the potential breach, Audio House advised customers who receive any spam e-mails from Altdos not to respond to them.
The company also urged customers not to spread unverified facts about the incident that could bolster the hacking group's efforts.
Those who need help can contact Audio House.
Altdos had previously claimed responsibility for hacking Vhive. The furniture retailer had said its server was hacked on March 23.
Compromised information included customers' names, physical and e-mail addresses and mobile numbers, but did not include identification numbers or financial information, said the company.