Online cashback service ShopBack is currently investigating a data leak, the firm told customers in an email on Friday. After being alerted to “an incident involving unauthorized access” on September 17, ShopBack removed this access and engaged cybersecurity specialists to investigate the situation and to “fortify [its] security infrastructure,” the company said.
The investigation is still ongoing. “At this point, we are confirming exactly what data has been compromised,” a ShopBack spokesperson told KrASIA. “Our customers can continue to access their ShopBack account and use our services. Business operations have not been affected by the incident.”
According to The Straits Times, the Personal Data Protection Commission, Singapore’s privacy watchdog, has been notified of the incident and is currently investigating it. ShopBack also noted in its email that it is cooperating with authorities.
Information that might have been exposed include names, contact information, gender, dates of birth, identification numbers, and bank account numbers. ShopBack reassured customers that their passwords remain protected by encryption. Credit card details were also not compromised, the firm claimed, as they are not stored on ShopBack’s systems. The firm nevertheless encouraged customers to change their passwords as a precautionary measure, and advised them to avoid using the same password on other platforms.
In July, ride-hailing firm Grab was fined SGD 10,000 (USD 7,300) by the watchdog for exposing personal data of more than 21,000 users. The leak was Grab’s fourth privacy breach in Singapore since 2018. Gaming hardware company Razer also compromised details of approximately 100,000 customers, according to a report earlier this month.