JPDP to investigate number of Malaysians affected by ShopBack data breach



[ad_1]

PETALING JAYA: The Department of Personal Data Protection (JPDP) said it will seek comment from ShopBack Cashback Sdn Bhd regarding the number of Malaysians who may have been affected following a recent personal data breach involving the company.

JPDP in a statement said ShopBack had uncovered an incident involving unauthorized access to its systems containing personal information about customers, such as names, contact information, dates of birth and bank account numbers, on September 17.

He was then notified of the situation by a representative designated by ShopBack on September 25.

“The notification indicated that ShopBack will begin the process of contacting its customers by email and will establish a website with questions and answers (Q&A) to provide clarification, along with the actions that will be taken after the discovery of the infringement,” JPDP said in the statement.

The government agency said it was also briefed on ShopBack’s migration plan to prevent the gap from escalating further, and that it had been assured that these plans could fully contain the gap.

“The Department will also work closely with the relevant authorities to measure the severity of the breach of personal data in accordance with the Personal Data Protection Act 2010 (Law 709),” adding that the department considered the breach as a serious matter.

In an email sent to customers on September 25, ShopBack said it was still confirming what data has been compromised and that it “has no reason” to believe that any personal data has been misused. However, he admitted that “the possibility still exists.”

“What we can assure you is that your refund is secure, we do not collect credit card details, and your ShopBack account is protected by encryption,” he said, adding that he “immediately removed” unauthorized access after being informed of the trouble.

The company, which offers cash rewards for online purchases, said its services and business operations have not been affected by the incident. She advised users to change their passwords, report any suspicious emails to the relevant authorities, and stay alert.

“While bank account numbers do not allow third parties to directly access their bank accounts, users who have provided us with their bank account numbers should be on the lookout for possible phishing attacks,” he added.

LifestyleTech has reached out to ShopBack for comment.



[ad_2]