ShopBack and RedDoorz report data breaches

Both assure customers of safety of credit card information, and are investigating incidents further

E-commerce cashback platform ShopBack said customers' account passwords are encrypted, but suggested they change them as an "added precautionary measure".
E-commerce cashback platform ShopBack said customers' account passwords are encrypted, but suggested they change them as an "added precautionary measure".PHOTO: SHOPBACK
Budget hotel management and booking services firm RedDoorz said no sensitive data pertaining to financial information, such as customer credit cards or passwords, was compromised to the best of its knowledge.
Budget hotel management and booking services firm RedDoorz said no sensitive data pertaining to financial information, such as customer credit cards or passwords, was compromised to the best of its knowledge.PHOTO: REDDOORZ

The local authorities are investigating a data breach at home-grown e-commerce cashback platform ShopBack, after the firm made public an incident involving unauthorised access to customers' personal data.

A spokesman for privacy watchdog, the Personal Data Protection Commission, said it has been notified of the incident. "Investigations are ongoing," he added.

In an e-mail to customers on Friday evening seen by The Sunday Times, ShopBack said it became aware of unauthorised access to its systems, which contained customers' personal data, "a few days ago".

It is still investigating what data has been compromised.

"To date, we have no reason to believe that any of your personal data has been misused, however the possibility still exists," said the firm, apologising for the incident.

"What we can assure you is that your cashback is safe... Your credit cards are safe, as we do not store your 16-digit card number or CVV on any of our systems."

ShopBack said it had immediately initiated an investigation after the incident came to light, and engaged leading cyber security specialists to assess the extent of the breach and further enhance its safety measures.

It added that it is currently working with the authorities to investigate the extent of the damage.

ShopBack said customers' account passwords are encrypted, but suggested they change them as an "added precautionary measure".

"We also suggest that you do not use the same password on other digital platforms," it said, while committing to taking steps to minimise the risk of a similar incident occurring again in future.

ShopBack accounts can still be used as the platform's business operations have not been affected by the incident.

 
 
 

Customers can contact ShopBack at care@shopback.sg if they have questions related to the incident.

ShopBack user Cordelia Lee, 24, said she finds unsettling the lack of confirmation over what data has been breached on the platform.

While she will be changing her account password, the design firm executive said: "I'm actually more concerned about how this happened, and am looking forward to the company sharing future steps in... better securing their customers' data."

Separately, budget hotel management and booking services firm RedDoorz said yesterday that one of its IT databases suffered a breach last week.

In a statement, it said no sensitive data pertaining to financial information, such as customer credit cards or passwords, was compromised to the best of its knowledge.

Said a spokesman for the company: "We are taking all the necessary steps to investigate this further and, at the same time, we are conducting a thorough review of all our IT systems and protection."

A version of this article appeared in the print edition of The Sunday Times on September 27, 2020, with the headline 'ShopBack and RedDoorz report data breaches'. Print Edition | Subscribe