Skip to main content

Advertisement

Advertisement

Lazada suffers data breach; personal information from 1.1 million RedMart accounts for sale online

SINGAPORE — Personal information from 1.1 million RedMart accounts was stolen from e-commerce platform Lazada and sold online in a data breach.

Lazada added the information stolen was last updated in March 2019, and the affected RedMart-only database is not linked to any Lazada database.

Lazada added the information stolen was last updated in March 2019, and the affected RedMart-only database is not linked to any Lazada database.

Follow TODAY on WhatsApp

SINGAPORE — Personal information from 1.1 million RedMart accounts was stolen from e-commerce platform Lazada and sold online in a data breach.

A Lazada spokesperson confirmed this to CNA on Friday (Oct 30).

CNA had earlier come across an online forum which was purportedly selling personal data from various e-commerce sites around the world, including Lazada.

The site claimed to have information like names, phone numbers and partial credit card numbers from about 1.1 million users.

"Our cybersecurity team discovered an individual claiming to be in possession of a RedMart customer database taken from a legacy RedMart system no longer in use by the company," a spokesperson from Lazada said in a statement referring to the online supermarket platform it acquired in 2016.

Lazada added the information stolen was last updated in March 2019, and the affected RedMart-only database is not linked to any Lazada database.

"This RedMart-only information is more than 18 months out of date and not linked to any Lazada database. The user information that was illegally accessed include names, phone numbers, email and mailing addresses, encrypted passwords and partial credit card numbers. We have taken immediate action to block unauthorised access to the database," a Lazada spokesperson said.

Lazada is currently investigating the data breach, and has informed the Personal Data Protection Commission of the breach.

A spokesperson for the Personal Data Protection Commission said it was aware of the incident and was looking into the matter.

Lazada said it was in the process of reaching out to all affected customers, and reminding them to change their log-in credentials as a safety precaution.

It added: “Protecting the data and privacy of our customers is a top priority, and we are working swiftly to resolve this." CNA

For more stories like this, visit cna.asia

Related topics

Lazada RedMart cyber security PDPA data breach

Read more of the latest in

Advertisement

Advertisement

Stay in the know. Anytime. Anywhere.

Subscribe to get daily news updates, insights and must reads delivered straight to your inbox.

By clicking subscribe, I agree for my personal data to be used to send me TODAY newsletters, promotional offers and for research and analysis.