On Tuesday (5 Nov), The Straits Times reported that two local companies – Ninja Logistics, which operates Ninja Van, and Singtel – were fined for not properly safeguarding their customers’ personal information.
Singtel and Ninja Van were fined S$25,000 and S$90,000 respectively on Monday (4 Nov), by the Personal Data Protection Commission (PDPC).
Due to a design fault, My Singtel users could log in to other users’ accounts.
The fault apparently came to light in May 2017 when PDPC received an anonymous tip-off about how communications between My Singtel and Singtel’s servers could be interrupted to gain access to other people’s accounts.
According to PDPC, “the informant accessed four billing accounts and extracted the customer’s name, billing address, billing account number, mobile phone number as well as customer service plans.”
PDPC added that Singtel could have faced a maximum fine of $1 million. But because the hack was difficult to carry out, the lapse was seen as less severe, and so too the accorded penalty.
On the other hand, Ninja Logistics left 1.26 million customers’ data exposed through their order tracking function between 2016 and 2018.
Users could reportedly enter a different order tracking number to view details of the other customers with completed orders, including their names, addresses and signatures.
PDPC said this could have easily been avoided if Ninja Logistics had set an expiry date on their tracking orders.
Fortunately, Ninja Logistics clarified that their website was not hacked and there were no evidence of personal data being harvested.
Separately, PDPC noted that there was no evidence of unauthorised access to Singtel customers’ accounts. My Singtel app has since been fixed to prevent similar incidences in future.
Both companies have since fixed those issues.
Thankfully, no data was stolen. These incidents go to show how a small lapse can lead to potentially great consequences. So hopefully, companies will take extra precaution when it comes to handling sensitive customer information.
Feature images adapted from CapitaLand and Flickr.
Mixue will be giving out 1,000 vouchers at each store.
The bubble tea store covered the car wash fee and gave him a new drink.
The man reportedly stabbed her in the face, neck, and abdomen 58 times.
Some netizens felt "nobody" would buy such an unusual combination.
The act was seemingly carried out in the name of a climate activist group.
The baby girl was unresponsive and died in the hospital.