Blog site

Personal information of nearly 5.9 million customers of hotel booking site RedDoorz leaked in biggest data breach in Singapore, IT News, ET CIO

In Singapore’s biggest data breach, the personal information of nearly 5.9 million Singaporean and Southeast Asian customers from a hotel booking site has been disclosed, according to a published news article Monday.

The Personal Data Protection Commission (PDPC) has fined Commeasure, a local company that operates the RedDoorz website, SGD 74,000.

However, the amount is far less than the combined SGD 1 million fine imposed on SingHealth and Integrated Health Information Systems for the 2018 data breach that affected 1.5 million people, The Straits reported. Times.

According to PDPC, the amount of the fine was finalized taking into account the difficulties in the hotel sector caused by the COVID-19 pandemic.

“In deciding on the amount of the financial penalty to be imposed, we also considered that the organization, which operates in the hotel sector, had been seriously affected by the Covid-19 pandemic,” said the PDPC in its judgment rendered last Thursday.

“This is the largest data breach since the entry into force of the Personal Data Protection Act,” he said.

Commeasure discovered the breach on September 19 last year after a U.S. cybersecurity firm alerted the company.

RedDoorz said most of the compromised data came from the booking platform’s largest market, Indonesia. The company’s clients are all from Southeast Asia. It is understood that approximately 9,000 of those affected are from Singapore.

The compromised data included name, contact number, email address, date of birth, encrypted password for their RedDoorz account, and guest booking information. Hackers did not access or download customers’ hidden credit card numbers.

The stolen data was put up for sale on a hacker forum before it was deleted, according to the Business Times of Singapore report last year.

Commeasure informed affected customers of the data breach on September 26 of last year and advised them to change their RedDoorz account passwords. The PDPC was notified on September 25.