Singapore’s largest data breach affects 5.9 million customers of hotel booking site RedDoorz

Singapore – Nearly 5.9 million Singaporean and Southeast Asian customers of hotel booking site RedDoorz had their personal data leaked, making the incident the biggest data breach in Singapore.

Hotel booking startup RedDoorz has been found to have compromised the personal data of 5.9 million customers in what the government has called the biggest data breach since the Personal Data Protection Act came into effect in Singapore in 2013.

The Personal Data Protection Commission (PDPC) said in a recent statement that local company Commeasure, which operates the platform, was fined S$74,000 “for failing to have in place reasonable security measures to prevent unauthorized access and exfiltration of customers’ personal data hosted in a cloud database.”

The incident exposed customers’ names, contact numbers, email addresses, dates of birth and encrypted RedDoorz account passwords, as well as booking information.

However, the hackers did not access or download customers’ masked credit card numbers, The Straits Times reported on Monday (November 15).

The stolen data was put up for sale on a hacker forum before being deleted.

PDPC noted that the hackers likely gained access to RedDoorz’s database, hosted on Amazon’s cloud, after acquiring an Amazon Web Services access key.

The key had been embedded in an Android application package (APK) that Commeasure created in 2015 and made available for public download on Google Play Store.

Reports noted that the decision to include the access key, labeled as “test key”, in the APK was contrary to Amazon Web Services’ advice.

Also, the APK was still downloadable despite being labeled as “defunct” by the company. It was only removed after the data breach was discovered in 2020.
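A release check for the failure described above, shown as an added example that is not from the PDPC decision, Commeasure or the original report: it opens an APK as the ZIP archive it is and flags any entry containing a string shaped like an AWS access key ID. The function names and the sample archive are constructed for illustration, and the key in it is the placeholder key ID used in AWS documentation.

```python
import io
import re
import zipfile

# AWS access key IDs are 20 characters: "AKIA" (long-term) or "ASIA"
# (temporary) followed by 16 uppercase letters or digits.
KEY_ID = re.compile(rb"(?<![A-Z0-9])(AKIA|ASIA)[A-Z0-9]{16}(?![A-Z0-9])")


def scan_apk(apk):
    """Return sorted (entry_name, redacted_key_id) pairs found in an APK.

    `apk` is a path or a binary file object. An APK is a ZIP archive, so
    every entry (classes.dex, resources.arsc, assets/...) is searched.
    """
    findings = set()
    with zipfile.ZipFile(apk) as zf:
        for info in zf.infolist():
            data = zf.read(info)
            # Strings in resources.arsc may be UTF-16LE; dropping NUL bytes
            # lets the same ASCII pattern match them.
            for view in (data, data.replace(b"\x00", b"")):
                for m in KEY_ID.finditer(view):
                    key = m.group(0).decode("ascii")
                    findings.add((info.filename, key[:4] + "*" * 12 + key[-4:]))
    return sorted(findings)


def build_sample_apk():
    """Constructed sample: a minimal ZIP laid out like an APK."""
    key = b"AKIAIOSFODNN7EXAMPLE"  # placeholder key ID from AWS documentation
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("AndroidManifest.xml", b"<manifest/>")
        zf.writestr("classes.dex", b"dex\n035\x00" + b"\x14" + key + b"\x00")
        zf.writestr("resources.arsc", "test key".encode("utf-16-le"))
        zf.writestr("assets/config.json", b'{"region": "ap-southeast-1"}')
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for name, redacted in scan_apk(build_sample_apk()):
        print(f"{name}: embedded AWS access key ID {redacted}")
```

A hit on any build artifact means the key should be treated as public and rotated, since every published copy of the APK still carries it even after the listing is removed.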

It was reported that around 9,000 of the affected customers are from Singapore.

Affected customers were notified on September 26, 2020 and asked to change their RedDoorz account password as a security measure.

“In deciding the amount of the financial penalty to be imposed, we also considered that the organization, which operates in the hospitality sector, had been seriously affected by the Covid-19 pandemic,” the PDPC said.

The current maximum fine for companies in a data breach is S$1 million. However, companies can be fined more heavily, up to 10% of their annual turnover in Singapore if it exceeds S$1 million.

The increased fine is expected to take effect at least one year from February 1, 2021. /TISG
