Singapore Data Privacy Watchdog Investigates Customer Data Breach on ShopBack, Singapore News & Top Stories

SINGAPORE – Local authorities are investigating a data breach on the local e-commerce money-back platform ShopBack, after the company made public an incident related to unauthorized access to customers’ personal data.

A spokesman for the privacy watchdog, the Personal Data Protection Commission, said it has been notified of the incident. “Investigations are ongoing,” he added.

In an email to customers on Friday (September 25) viewed by The Straits Times, ShopBack said it became aware of unauthorized access to its systems containing personal customer data “a few days ago.” He was still investigating what data had been compromised.

“To date, we have no reason to believe that any of your personal data has been misused, however the possibility still exists,” the firm said, apologizing for the incident.

“What we can assure you is that your refund is safe … Your credit cards are safe, as we do not store your 16-digit card number or CVV in any of our systems.”

ShopBack said it had immediately launched an investigation after the incident came to light and hired top cybersecurity specialists to assess the scope of the breach and also to further enhance its security measures.

He added that he is currently working together with authorities to investigate the extent of the damage.

ShopBack said that customer account passwords are encrypted, but suggested changing them as an “added precautionary measure.”

“We also suggest that you do not use the same password on other digital platforms,” ​​he said, while pledging to take steps to minimize the risk of a similar incident happening again in the future.

ShopBack accounts can still be used as the platform’s business operations have not been affected by the incident.

Customers can contact Shopback at [email protected] with questions related to the incident.

ShopBack user Cordelia Lee, 24, said she is disturbed by the lack of confirmation about what data was breached on the platform.

While he will change his account password, the design firm executive said: “Actually, I am more concerned with how this happened and I hope the company will share future steps to ensure better protection of its clients’ data.” .