In the largest reported data breach here to date, the names, e-mail addresses and mobile phone numbers of 380,000 users of ride-hailing app Uber in Singapore were leaked when the company was targeted by a hacker last year.

Uber kept mum about the breach until last month, when it disclosed that details of 57 million Uber riders and drivers worldwide were leaked. Worse, the company paid US$100,000 (S$135,000) to the hacker responsible to destroy the information, in an effort to cover up the leak.

It is a sobering reminder that all personal data will always be vulnerable to being leaked. Uber is not, and will not be, the only big company to suffer from such a cyber-security meltdown, which can have a ripple effect, as hackers who have access to one set of information can use it to access other websites or accounts related to a user.

Breaches like this erode the public's trust in the ability of large corporations to keep their private information safe, even as businesses and governments push for a more digital society.

Such distrust poses a challenge to Singapore's Smart Nation plans, which involve the widespread embracing of digital services such as e-payments and, more crucially, the planned formation of a national digital identity.

For citizens to trust that their personal information is safe, the authorities have to take stern action on companies that breach data privacy laws, be it a leak of 38 or 380,000 names.

Proposed changes to the Personal Data Protection Act will make it mandatory for companies to inform customers of personal data breaches as soon as they are discovered, and to make a report to the Personal Data Protection Commission within 72 hours.

Ensuring that data violations will not be taken lightly is a crucial step in securing public trust. So the onus is on companies and government agencies to invest in and update their security against hackers, because it is already too late for the consumer when breaches occur.