Skip to main content

Advertisement

Advertisement

4,749 KrisShop customers' personal data 'may have been exposed' after phishing attack

SINGAPORE — A total of 4,749 KrisShop customers' personal data "may have been exposed" after a phishing attack, the retailer said on (March 17).

4,749 KrisShop customers' personal data 'may have been exposed' after phishing attack

SINGAPORE — A total of 4,749 KrisShop customers' personal data "may have been exposed" after a phishing attack, the retailer said on (March 17).

The data potentially includes the names, email addresses, addresses, contact numbers, and e-voucher numbers belonging to these individuals, KrisShop said in response to CNA's queries.

Of the 4,749 customers, the bank account numbers of about 165 individuals, as well as the KrisFlyer account number of 17 people, may have also been exposed.

EMPLOYEE'S ACCOUNT ILLEGALLY ACCESSED

On March 8, KrisShop learnt that an employee’s work account was illegally accessed by an external party as a result of a phishing attack.

The affected account was locked as soon as KrisShop was alerted to the phishing attack, and investigations began.

"Based on our investigations, the data did not include any password or credit card information, as the files did not include such information," said the retailer.

The affected KrisShop e-vouchers have been cancelled and replaced.

After KrisShop reviewed its systems and processes together with Singapore Airlines, the retailer established that it was an "isolated incident that arose due to human error", and that none of its other databases or systems have been compromised.

"The protection of our customers’ personal data is of utmost importance to KrisShop. We will continue to take steps to strengthen our systems and processes," said the retailer, adding that it was unable to provide further details of the attacker's identity as investigations were underway.

The Personal Data Protection Commission (PDPC) was notified on March 10 after the information required for filing the report was verified internally.

"KrisShop would like to apologise to all affected customers for this incident, and the inconvenience that it has caused to them," said the spokesperson.

"We are in process of contacting affected customers, and will be offering any assistance that they may require."

A PDPC spokesperson confirmed that KrisShop has notified the commission, and said it is looking into the matter.

Customers with queries may contact KrisShopCustomerCare [at] krisshop.com.

A recent SMS phishing scam targeting bank customers resulted in hundreds of OCBC Bank customers losing a total of S$13.7 million.

In February, the police said they have observed at least 900 cases of phishing scams since January this year. CNA

For more reports like this, visit cna.asia.

Related topics

Singapore Airlines KrisShop phishing PDPC

Read more of the latest in

Advertisement

Popular

Advertisement

Stay in the know. Anytime. Anywhere.

Subscribe to get daily news updates, insights and must reads delivered straight to your inbox.

By clicking subscribe, I agree for my personal data to be used to send me TODAY newsletters, promotional offers and for research and analysis.