[BreachExchange] 4, 749 KrisShop customers' data exposed after phishing attack on SIA in-flight retailer

Terrell Byrd terrell.byrd at riskbasedsecurity.com
Thu Mar 17 10:22:29 EDT 2022


https://mothership.sg/2022/03/krisshop-phishing/

The personal information of 4,749 KrisShop customers have been compromised
and exposed to an unknown entity after a phishing attack on an Singapore
Airlines' in-flight retailer employee account, The Straits Times reported.

A KrisShop employee's work account was illegally accessed by an external
party on March 8 due to a phishing attack.

Types of info compromised
The data compromised included names, bank account numbers, e-mail
addresses, residential addresses, contact numbers, and KrisShop e-voucher
numbers, and KrisFlyer account numbers.

About 165 customers had their bank account numbers exposed.

A total of 17 customers had their KrisFlyer account numbers revealed.

KrisShop told ST on March 17 that password or credit card information were
not leaked.

Customers informed
KrisShop has apologised to affected customers for the incident.

It also said it is in the process of contacting them and will be offering
any assistance that they may require.

No details were provided on the nature of the attack.

PDPC notified
The Personal Data Protection Commission was notified on March 10.

This was after the information required for KrisShop to make a report was
verified internally by the company.

The affected KrisShop e-vouchers have also been cancelled and replaced.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20220317/9db6c811/attachment.html>


More information about the BreachExchange mailing list