Ikea says sorry for customer data breach

Swedish retailer Ikea yesterday apologised to affected customers in Singapore after the company inserted 410 individual e-mail addresses in the wrong message field of a promotional mailer and sent it out.

A spokesman for Ikea Singapore said the incident occurred at 4.57pm last Thursday and that it "regretfully made an error of inserting 410 individual e-mail addresses in the 'To' field in an Ikea service delivery promotion e-mail sent to our customers", making the e-mail addresses visible to all recipients of the mailer.

However, the second e-mail it sent to quickly notify affected customers about the leak and to apologise included an internal draft of the apology instead.

"In our haste to notify the custo-mers as quickly as possible, we again made a mistake by sending half the recipients an internal draft of the apology notice instead, an oversight that we are embarrassed about," Ikea said.

Ikea said it takes customers' personal data integrity seriously and has notified the Personal Data Protection Commission of Singapore (PDPC).

Under the Personal Data Protection Act, organisations must generally have an individual's knowledge and consent when collecting, using or disclosing their personal data.

Last month, international beauty retailer Sephora issued a notice to its online customers after it discovered a data breach affecting customers in Singapore, Malaysia, Indonesia, Thailand, the Philippines, New Zealand and Australia.

Electricity retailer Geneco was probed by the PDPC last month after it exposed the e-mail addresses of more than 350 of its potential customers.

Malavika Menon

A version of this article appeared in the print edition of The Straits Times on August 05, 2019, with the headline 'Ikea says sorry for customer data breach'. Print Edition | Subscribe