According to a media report on Monday, the personal information of over 5.9 million Singaporean and South-east Asian users of a hotel booking service was leaked in Singapore’s greatest data breach.
Commeasure, a local firm that operates the website RedDoorz, has been fined SGD 74,000 by the Personal Data Protection Commission (PDPC).
According to The Straits Times newspaper, the amount is substantially lower than the combined SGD 1 million fine imposed on SingHealth and Integrated Health Information Systems for the 2018 data breach that affected 1.5 million people.
The PDPC noted that the fine amount was fixed after considering the impact of the COVID-19 pandemic on the hospitality industry.
The PDPC in its judgment issued last Thursday, said “In deciding the amount of financial penalty to be imposed, we also considered that the organisation, which operates in the hospitality industry, had been severely impacted by the Covid-19 pandemic,”
“This is the largest data breach that has occurred since the Personal Data Protection Act came into effect,” it said.
After an American cyber-security firm alerted Commeasure, it learned about the breach on September 19 of last year.
The majority of the exposed data originated from RedDoorz’s largest market, Indonesia, according to the company. All of the company’s clients are from Southeast Asia. Approximately 9,000 persons from Singapore are believed to be affected.
Customers’ name, contact number, e-mail address, date of birth, encrypted password to their RedDoorz account and booking information, was said to be compromised. Customers’ masked credit card numbers were not accessed or downloaded by the hackers.