Singapore's data privacy watchdog investigating customer data breach at ShopBack

ShopBack said that it is currently working together with the authorities to investigate the extent of the damage.
ShopBack said that it is currently working together with the authorities to investigate the extent of the damage.PHOTO: ROOOT STUDIO

SINGAPORE - Local authorities are investigating a data breach at home-grown e-commerce cashback platform ShopBack, after the firm made public an incident involving unauthorised access to customers' personal data.

A spokesman at privacy watchdog the Personal Data Protection Commission said it has been notified of the incident. "Investigations are ongoing," he added.

In an e-mail to customers on Friday (Sept 25) evening seen by The Straits Times, ShopBack said that it became aware of unauthorised access to its systems which contained customers' personal data "a few days ago". It was still investigating what data had been compromised.

"To date, we have no reason to believe that any of your personal data has been misused, however the possibility still exists," said the firm, apologising for the incident.

"What we can assure you is that your cashback is safe... Your credit cards are safe, as we do not store your 16-digit card number or CVV on any of our systems."

ShopBack said that it had immediately initiated an investigation after the incident came to light, and engaged leading cybersecurity specialists to assess the extent of the breach and also to further enhance its safety measures.

It added that it is currently working together with the authorities to investigate the extent of the damage.

ShopBack said that customers' account passwords are encrypted, but suggested that they change them as an "added precautionary measure".

"We also suggest that you do not use the same password on other digital platforms," it said, while committing to taking steps to minimise the risk of a similar incident occurring again in future.

 
 
 
 

ShopBack accounts can still be used, as the platform's business operations have not been affected by the incident.

Customers can contact Shopback at care@shopback.sg if they have questions related to the incident.

ShopBack user Cordelia Lee, 24, said she finds it unsettling at the lack of confirmation over what data was breached on the platform.

While she will be changing her account password, the design firm executive said: "I'm actually more concerned about how this happened, and am looking forward to the company sharing future steps in ensuring better securing their customer's data."