[BreachExchange] ShopBack and RedDoorz report data breaches

Mon Sep 28 10:25:37 EDT 2020

https://www.thejakartapost.com/life/2020/09/27/shopback-and-reddoorz-report-data-breaches.html

The local authorities are investigating a data breach at home-grown
e-commerce cashback platform ShopBack, after the firm made public an
incident involving unauthorized access to customers' personal data.

A spokesman for privacy watchdog, the Personal Data Protection
Commission, said it has been notified of the incident. "Investigations
are ongoing," he added.

In an e-mail to customers on Friday evening seen by The Sunday Times,
ShopBack said it became aware of unauthorized access to its systems,
which contained customers' personal data, "a few days ago".

It is still investigating what data has been compromised.

"To date, we have no reason to believe that any of your personal data
has been misused, however the possibility still exists," said the
firm, apologizing for the incident.

"What we can assure you is that your cashback is safe... Your credit
cards are safe, as we do not store your 16-digit card number or CVV on
any of our systems."

ShopBack said it had immediately initiated an investigation after the
incident came to light, and engaged leading cyber security specialists
to assess the extent of the breach and further enhance its safety
measures.

It added that it is currently working with the authorities to
investigate the extent of the damage.

ShopBack said customers' account passwords are encrypted, but
suggested they change them as an "added precautionary measure".

"We also suggest that you do not use the same password on other
digital platforms," it said, while committing to taking steps to
minimise the risk of a similar incident occurring again in future.

ShopBack accounts can still be used as the platform's business
operations have not been affected by the incident.

Customers can contact ShopBack at care at shopback.sg if they have
questions related to the incident.

ShopBack user Cordelia Lee, 24, said she finds unsettling the lack of
confirmation over what data has been breached on the platform.

While she will be changing her account password, the design firm
executive said: "I'm actually more concerned about how this happened,
and am looking forward to the company sharing future steps in...
better securing their customers' data."

Separately, budget hotel management and booking services firm RedDoorz
said yesterday that one of its IT databases suffered a breach last
week.

In a statement, it said no sensitive data pertaining to financial
information, such as customer credit cards or passwords, was
compromised to the best of its knowledge.

Said a spokesman for the company: "We are taking all the necessary
steps to investigate this further and, at the same time, we are
conducting a thorough review of all our IT systems and protection."