Singapore's data privacy watchdog investigating customer data breach at ShopBack

ShopBack said that it is currently working together with the authorities to investigate the extent of the damage. PHOTO: ROOOT STUDIO
Fabian Koh
Updated
Published
September 26, 2020 at 12:36 PM

SINGAPORE - Local authorities are investigating a data breach at home-grown e-commerce cashback platform ShopBack, after the firm made public an incident involving unauthorised access to customers' personal data.

A spokesman at privacy watchdog the Personal Data Protection Commission said it has been notified of the incident. "Investigations are ongoing," he added.

In an e-mail to customers on Friday (Sept 25) evening seen by The Straits Times, ShopBack said that it became aware of unauthorised access to its systems which contained customers' personal data "a few days ago". It was still investigating what data had been compromised.

"To date, we have no reason to believe that any of your personal data has been misused, however the possibility still exists," said the firm, apologising for the incident.

"What we can assure you is that your cashback is safe... Your credit cards are safe, as we do not store your 16-digit card number or CVV on any of our systems."

ShopBack said that it had immediately initiated an investigation after the incident came to light, and engaged leading cybersecurity specialists to assess the extent of the breach and also to further enhance its safety measures.

It added that it is currently working together with the authorities to investigate the extent of the damage.

ShopBack said that customers' account passwords are encrypted, but suggested that they change them as an "added precautionary measure".

"We also suggest that you do not use the same password on other digital platforms," it said, while committing to taking steps to minimise the risk of a similar incident occurring again in future.

More On This Topic
IT database breach at RedDoorz but no sensitive information compromised, says hospitality start-up
Grab fined $10,000 for fourth data privacy breach in S'pore in two years
Data breach of potentially 100,000 Razer customers worldwide discovered by cyber-security consultant
Proposed changes to Singapore's data protection law seek stiffer penalties for info leaks

ShopBack accounts can still be used, as the platform's business operations have not been affected by the incident.

Customers can contact Shopback at care@shopback.sg if they have questions related to the incident.

ShopBack user Cordelia Lee, 24, said she finds it unsettling at the lack of confirmation over what data was breached on the platform.

While she will be changing her account password, the design firm executive said: "I'm actually more concerned about how this happened, and am looking forward to the company sharing future steps in ensuring better securing their customer's data."

Join ST's WhatsApp Channel and get the latest news and must-reads.

Available for
iPhones and iPads
Available in
Google Play

MCI (P) 076/10/2022, MCI (P) 077/10/2022. Published by SPH Media Limited, Co. Regn. No. 202120748H. Copyright © 2023 SPH Media Limited. All rights reserved.

Back to the top