Five local companies were slapped with S$177,000 in fines for data leaks on Monday (Nov 4).
They are: Singtel, Ninja Van, EU Holidays, MOE vendor Marshall Cavendish, and recruitment agency SearchAsia Consulting.
The leaked data includes signatures, birth certs, IC numbers, passport details, addresses, and resumes.
Singapore’s Personal Data Protection Commission (PDPC) has fined five companies here a total of S$177,000 for leaking customer data.
The data leaks originated from app design flaws, poor website security, and nonexistent data security practices.
In a statement published on Monday (Nov 4), PDPC identified the companies as Singtel, Ninja Van, EU Holidays, Marshall Cavendish, and SearchAsia Consulting.
Ninja Van was slapped with the heftiest fine of S$90,000 after a flaw in its website’s parcel tracking page allowed public access to the names, addresses and signatures of over 1.2 million customers over two years.
Meanwhile, Ministry of Education vendor Marshall Cavendish was fined S$40,000 after ransomware infected 11 servers containing the birth certs, IC numbers and schooling details of over 250,000 students.
Singtel was fined S$25,000 after a design issue in its app allowed its 330,000 users to see each other’s account details, including bills, home addresses, and phone numbers.
EU Holidays was fined S$15,000 after a user saw customers’ personal information while browsing the site for holiday packages. The names, passport details, addresses, and mobile phone numbers of over 1,000 customers were exposed.
Recruitment agency SearchAsia Consulting was fined S$7,000 after the submitted resumes of job seekers became publicly searchable on the Internet.
PDPC also issued a warning to Tan Tock Seng Hospital for sending 85 patient appointment letters to the wrong addresses.
- Data security is a waste of money, says execs whose companies suffered data breaches