Singapore Airlines’ (SIA) retailing arm KrisShop announced today (March 17) that the personal information of 4,749 of its customers was exposed following a phishing attack targeting an employee account.
The data breach was discovered last Tuesday (March 8) after one of its employee’s work account was illegally accessed. KrisShop subsequently reported the incident to the Personal Data Protection Commission on March 10.
The compromised data includes names, email addresses, residential addresses and contact numbers of customers, as well as KrisShop e-voucher numbers.
A smaller group of customers’ bank accounts and KrisFlyer account numbers were also exposed.
What is KrisShop doing about it?
KrisShop has since apologised to affected customers, and stated that it will extend any necessary assistance if needed. They have also replaced the affected e-vouchers.
A spokesperson for KrisShop told Vulcan Post that the protection of customers’ personal data is of the utmost importance, and said that customers who have queries may email KrisShop’s customer service team. Additionally, KrisShop will be implementing measures which include increasing the frequency of training on information security for all employees, and implement an additional level of authentication across all KrisShop employee accounts to guard against unauthorised logins.
While KrisShop has declined to comment on the identity of the phisher, they have assured customers that the breach is an isolated incident due to human error. The account was also quickly shut down as soon as the attack was discovered, prompting immediate investigations.
This security breach comes amidst a backdrop of rising scams in Singapore, such as the recent OCBC SMS phishing scam, and job scams on messaging applications. In response, governments and banks alike have stepped up scam alerts and scam prevention measures to combat such scam attacks.
Featured Image Credit: DFNI