
Love, Bonito Fined S$24,000 For 2019 Data Breach, Security Measures Were Inadequate

Love, Bonito Fined S$24,000 Over Company Breach That Compromised Personal Data

These days, buying something is as simple as going online, choosing the items we want, and keying in our payment details.

However, the processes behind the scenes are more complicated than we think. When something goes wrong, the consequences can be dire.


On Thursday (19 May), popular fashion label Love, Bonito was fined S$24,000 for failing to protect the personal information of over 5,500 customers in 2019.

The data breach had to do with an administrator account of software used by the company to manage its e-commerce website.

PDPC says Love, Bonito security measures were inadequate

According to The Straits Times (ST), the Personal Data Protection Commission (PDPC) said in its report that Love, Bonito’s password policy for its website management software accounts was not strong enough.

Previously, the company had adopted the software’s default security settings, such as a required password length and maximum login attempts.

However, these were not enough to prevent breaches, said PDPC. For example, they could have made it compulsory for customers to update their passwords regularly.

The software’s default security settings also did not prohibit employees from using passwords that can be easily guessed.

For example, one of the administrator accounts, according to the PDPC, had “ilovebonito88” as the password.

Such passwords were easy for hackers to guess and left the company vulnerable to brute-force attacks.

A brute-force attack is a common way of guessing passwords by trying every possible combination of letters, numbers and symbols.
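The gap described above, as an added example (not taken from the PDPC report or from the software Love, Bonito used): a length-only rule accepts the quoted administrator password, while a screening step that strips context-specific words such as the company name rejects it. The function names, thresholds and term list are assumptions chosen for illustration.

```python
import re

# Common character substitutions, undone before matching (assumed mapping).
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})

def normalise(text: str) -> str:
    """Lowercase, undo substitutions, keep only letters and digits."""
    return re.sub(r"[^a-z0-9]", "", text.lower().translate(LEET))

def screen_password(password, context_terms, min_length=12, min_residual=8):
    """Return the reasons a candidate is rejected; an empty list means accepted."""
    reasons = []
    if len(password) < min_length:
        reasons.append(f"shorter than {min_length} characters")
    residual = normalise(password)
    hit = False
    # Longest terms first so "lovebonito" is matched before "bonito".
    terms = sorted({normalise(t) for t in context_terms},
                   key=lambda t: (-len(t), t))
    for term in terms:
        if term and term in residual:
            reasons.append(f"contains context term '{term}'")
            residual = residual.replace(term, "")
            hit = True
    # Once brand words and digits are removed, what remains is all that
    # a guesser who knows the organisation still has to work out.
    residual = re.sub(r"\d+", "", residual)
    if hit and len(residual) < min_residual:
        reasons.append(f"only {len(residual)} other letters besides context terms")
    return reasons

# Constructed term list: words tied to the organisation and the account's role.
CONTEXT_TERMS = ["Love, Bonito", "bonito", "admin"]

if __name__ == "__main__":
    # The first candidate is the password quoted in the article; the rest are constructed.
    for candidate in ["ilovebonito88", "L0ve-B0nit0!2019", "copper-tundra-velvet-931"]:
        print(candidate, "->", screen_password(candidate, CONTEXT_TERMS) or "accepted")
```
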

Love, Bonito customers’ data leaked to third party

According to ST, the PDPC found that Love, Bonito had failed to implement reasonable security arrangements to protect its customers’ personal data, such as first and last names, phone numbers, and credit card details.

As a result, an administrator account of the software used by Love, Bonito to manage its website was used by a mysterious third party to gain access to customers’ data.

Unauthorised code was added to the website, allowing customers’ credit card information to be transferred to an unknown third party.

The findings were uncovered by the company’s investigations, its digital solution providers, and a private forensic investigator.

In Nov 2019, the company discovered that its check-out page was incorrectly configured after noticing a dip in credit card authorisations.

Unknown to the company, when customers tried to make payments, their credit card information was sent to a third party instead of Love, Bonito. Even though the issue was fixed, the same problem occurred in Dec 2019.

Investigations found that the problem was caused by code that ran every time customers accessed the website’s check-out page to pay for their orders, along with the unauthorised use of said administrator account.

Love, Bonito then informed their customers of the breach on 13 Dec 2019 and advised them to check with their banks.

Hope companies will be more responsible

When it comes to technology, there’s always more than meets the eye. Many of us might not have been aware of the technical complexity behind a seemingly simple e-commerce website, as well as the risks involved.

Nevertheless, it is the responsibility of every company to protect the personal information of their customers who have placed their trust in them.

Hopefully, Love, Bonito will use the feedback from PDPC to implement a more robust security system so that such incidents will not happen again.


Sarah Kamal
