Gas and electricity provider, SP Group posted on Facebook on Thursday (30 August) to inform the public that it has “sent a group of customers an email which showed the email addresses of all recipients”.
It added that there were no other personal information compromised and apologised.
Affected customers have been notified and they are currently “conducting a thorough investigation”, stating that they are taking measures to prevent the incident from happening again.
According to a report on The Straits Times (ST), the Personal Data Protection Commission (PDPC) is currently investigating SP Group for exposing 706 email addresses.
The emails sent out were meant to remind customers to update their user ID for their SP Group accounts, as its website will not accept NRIC or FIN numbers for account logins from 1 September.
From 1 September, it will be illegal for firms to collect, use, and disclose NRIC numbers.
This leak could be a breach of the Personal Data Protection Act.
Previously, companies such as Spize and GrabCar were fined $20,000 and $16,000, respectively, for a breach in their security that led to the leaks.
Makeup and beauty firm Sephora also had a data breach that saw affected customers’ personal information exposed to unauthorised third parties.
On Wednesday (28 August), SP Group alerted the public about a phishing scam that was luring customers into voluntarily giving up their personal details on a fake website disguised as the company.
“Please be vigilant and alert to any unsolicited or suspicious email. SP Group does not request customers to verify their personal information by clicking on an email link of this nature,” the firm said.
For more information on the personal privacy guidelines, visit here.
Featured Image Credit: DP Architects
