SINGAPORE – Personal data of OG department store customers such as names, cell phone numbers and dates of birth has been leaked, the retailer said on Thursday (January 6).
In a statement to members of the OG, the department store said it was made aware of the data breach on Tuesday, which affected members of the base level or the gold level.
In response to questions from the Straits Times, OG said it asked its service provider to take immediate action to manage and remedy the breach and keep the database secure.
An OG spokesperson said: “OG management works closely with cybersecurity consultants and the authorities to strengthen our safeguards, systems and processes. Our priority is to guarantee the security of customer data.
In the statement to its members, OG said its preliminary investigations indicated that the database, which had been stored and maintained by an external third-party membership portal service provider, had been compromised.
“We are informing you (OG members) now so that you can quickly take the appropriate steps to protect your credentials online,” the department store said.
The spokesperson and the statement did not say how many members were affected.
Data that may have been compromised includes the names of the members of the OG, their postal addresses, e-mail addresses, mobile phone numbers, gender and date of birth. Encrypted data – NRIC numbers and passwords – could also have been stolen.
He added that no financial information, such as credit card numbers, had been disclosed.
In his statement, OG said he reported the matter to the police and other relevant authorities, including the Personal Data Protection Commission (PDPC) and the Singapore Cyber Security Agency (CSA).
The retailer said those affected should be wary of phishing or identity theft attempts. He urged members who have reused their OG membership password on different websites or platforms to immediately change their password to avoid possible compromise of their other accounts.
Those affected by the incident can also activate additional security measures, such as multi-factor authentication if it is supported, the retailer said.
Those with questions and concerns can contact OG at [email protected]
ST has contacted CSA and PDPC for comment.