On Tuesday (5 Nov), The Straits Times reported that two local companies – Ninja Logistics, which operates Ninja Van, and Singtel – were fined for not properly safeguarding their customers’ personal information.
Singtel and Ninja Van were fined S$25,000 and S$90,000 respectively on Monday (4 Nov), by the Personal Data Protection Commission (PDPC).
Due to a design fault, My Singtel users could log in to other users’ accounts.
The fault apparently came to light in May 2017 when PDPC received an anonymous tip-off about how communications between My Singtel and Singtel’s servers could be interrupted to gain access to other people’s accounts.
According to PDPC, “the informant accessed four billing accounts and extracted the customer’s name, billing address, billing account number, mobile phone number as well as customer service plans.”
PDPC added that Singtel could have faced a maximum fine of $1 million. But because the hack was difficult to carry out, the lapse was seen as less severe, and so too the accorded penalty.
On the other hand, Ninja Logistics left 1.26 million customers’ data exposed through their order tracking function between 2016 and 2018.
Users could reportedly enter a different order tracking number to view details of the other customers with completed orders, including their names, addresses and signatures.
PDPC said this could have easily been avoided if Ninja Logistics had set an expiry date on their tracking orders.
Fortunately, Ninja Logistics clarified that their website was not hacked and there were no evidence of personal data being harvested.
Separately, PDPC noted that there was no evidence of unauthorised access to Singtel customers’ accounts. My Singtel app has since been fixed to prevent similar incidences in future.
Both companies have since fixed those issues.
Thankfully, no data was stolen. These incidents go to show how a small lapse can lead to potentially great consequences. So hopefully, companies will take extra precaution when it comes to handling sensitive customer information.
Feature images adapted from CapitaLand and Flickr.
A record of more than 553,000 travellers crossed both checkpoints on 13 Dec.
There has been no year-end Covid-19 wave, as had been expected.
The beef was imported without a veterinary health certificate and halal certification.
One fan started queueing as early as 7am.
The company made the change after parents said they wanted to make sure their gifts…
An incredible twist of fortune for the police -- and a stroke of bad luck…