Data breach involving 147,000 Cycle & Carriage Singapore customer records under probe
Sign up now: Get ST's newsletters delivered to your inbox
Cycle & Carriage Singapore, in a note sent to a customer on July 31 and seen by ST, said it is still investigating the full scope of the breach.
PHOTO: LIANHE ZAOBAO
Follow topic:
SINGAPORE - The authorities are investigating a data breach in which hackers are believed to have accessed about 147,000 customer data records at motoring giant Cycle & Carriage Singapore (C&C).
In most cases, the information that was accessed is likely to include customer names and contact information such as e-mail addresses, phone numbers and mailing addresses, C&C said in response to The Straits Times’ queries.
Most of the downloaded records have missing or partial information, it added.
However, C&C said about 2 per cent of records contained identity card numbers and deposit amounts. “No banking or credit card information was divulged,” it added.
In response to queries, the Personal Data Protection Commission (PDPC) said it is aware of the data breach and investigations are ongoing.
C&C, in a note sent to a customer on July 31 and seen by The Straits Times, said it is still investigating the full scope of the breach.
The note said: “We were alerted on 14 July 2025 to the unauthorised access into our customer relationship management system, and the threat actor downloaded some customer information. Your information is within the affected data records.”
C&C also made a police report after it discovered the data breach.
The note said: “Once we became aware of the incident, we took measures to prevent further unauthorised access to the system. A thorough investigation was carried out to establish the facts and it is still ongoing.”
It added that forensic investigators were activated to look into possible causes of the hack, and it had informed the PDPC as well.
C&C advised affected customers to keep an eye out for phishing activities or suspicious requests for personal information following the incident.
It added that it will continue to review and refine its existing data governance and cyber-hygiene protocols in the light of the incident. It has also started informing affected customers since July 30, it said.
Those who have inquiries or wish to report any suspicious activity can contact C&C customer care officers on 6471-9111 or via e-mail at customerassistancecentre@cyclecarriage.com.sg
Those who need more information on the protection of personal data can refer to the PDPC website
ST has contacted the police for more information.
C&C is the authorised dealer in Singapore for car makes such as Mercedes-Benz, Mitsubishi, Kia and Citroen.
