Fashion label Love, Bonito hit by data breach

Love, Bonito co-founder Rachel Lim said her company has engaged a data security expert to investigate the incident.

Privacy watchdog probing after firm reports customers' data such as credit card numbers may have been exposed

Singapore's privacy watchdog is investigating a data breach involving Love, Bonito, after the home-grown fashion label reported that its online users' data had been compromised.

Yesterday, the retailer, which has three stores in Singapore, sent an e-mail to its online customers telling them that the data breach had been confirmed on Tuesday.

Malicious code had been added to its e-commerce website, it said, but it has since been removed.

In the e-mail, Love, Bonito co-founder Rachel Lim said that based on the company's investigations, some of its customers' personal information may have been exposed, including credit card numbers, expiry dates and CVVs, as well as full names, shipping addresses, order details and phone numbers.

The e-mail did not say how many people were affected by the breach.

Responding to queries from The Straits Times, a company spokesman said that a "small number" of its customers were affected.

The spokesman later added: "We can confirm that based on Love, Bonito's investigations, approximately 3 per cent of its customers may have had their personal information exposed. Out of (these), a small number may have had their financial data accessed."

Love, Bonito declined to say how large its customer base is.

The company was founded in 2010 and has offices in Malaysia and Indonesia.

It is not known how many registered online users it has.

The spokesman said: "We took immediate actions to remove the malicious code and further steps to secure our systems. The authorities have been notified and we are working closely with them and our security vendors to investigate and resolve this matter.

"As the incident is currently under investigation, no further details can be provided."

In response to queries from The Straits Times, a spokesman for the Personal Data Protection Commission (PDPC) said it has been notified of the incident and investigations are ongoing.

According to Ms Lim, her company has engaged a data security expert to conduct a forensic investigation of the incident and to review, audit and enhance its security controls and processes.

In addition to informing the PDPC, she said, it has also reported the incident to the police.

Love, Bonito is also working with "relevant vendors" to investigate and resolve this matter, but it did not specify who these vendors are.

Ms Lim advised customers to check their payment cards or personal account statements for unauthorised charges and to report such charges promptly to their banks.

A version of this article appeared in the print edition of The Straits Times on December 14, 2019, with the headline 'Fashion label Love, Bonito hit by data breach'.