[BreachExchange] Ikea says sorry for customer data breach

Destry Winant destry at riskbasedsecurity.com
Mon Aug 5 02:17:27 EDT 2019


Swedish retailer Ikea yesterday apologised to affected customers in
Singapore after the company inserted 410 individual e-mail addresses
in the wrong message field of a promotional mailer and sent it out.

A spokesman for Ikea Singapore said the incident occurred at 4.57pm
last Thursday and that it "regretfully made an error of inserting 410
individual e-mail addresses in the 'To' field in an Ikea service
delivery promotion e-mail sent to our customers", making the e-mail
addresses visible to all recipients of the mailer.

However, the second e-mail it sent to quickly notify affected
customers about the leak and to apologise included an internal draft
of the apology instead.

"In our haste to notify the custo-mers as quickly as possible, we
again made a mistake by sending half the recipients an internal draft
of the apology notice instead, an oversight that we are embarrassed
about," Ikea said.

Ikea said it takes customers' personal data integrity seriously and
has notified the Personal Data Protection Commission of Singapore

Under the Personal Data Protection Act, organisations must generally
have an individual's knowledge and consent when collecting, using or
disclosing their personal data.

Last month, international beauty retailer Sephora issued a notice to
its online customers after it discovered a data breach affecting
customers in Singapore, Malaysia, Indonesia, Thailand, the
Philippines, New Zealand and Australia.

Electricity retailer Geneco was probed by the PDPC last month after it
exposed the e-mail addresses of more than 350 of its potential

More information about the BreachExchange mailing list