Southeast Asia's eCommerce platform Lazada has reported a data breach, ahead of its annual Single's Day sales. In a statement, Lazada said its cybersecurity team discovered a breach in Singapore on 29 October, involving a RedMart-only database hosted on a third-party service provider. The information that was illegally accessed include the names, phone numbers, emails, addresses, encrypted passwords and partial credit card numbers of RedMart customers. However, Lazada said the data hosted is more than 18 months out of date, as it was last updated in March 2019. The data was also said to be used on the previous RedMart app and website, which are no longer in use.
Lazada added that its customer data in Southeast Asia is not affected by this incident, and it has taken immediate action to block unauthorised access to the database. "Protecting the data and privacy of our users is of utmost importance to us. Apart from reviewing and fortifying our security infrastructure, we are working very closely with the relevant authorities on this incident and remain committed to providing all necessary support to our users," the Alibaba owned eCommerce player added.
This data breach comes just before its 11.11 mega sale, which is arguably one of Alibaba's most epic sale in the year. In a press conference held last week, Jessica Liu, co-president and regional head of commercial of Lazada Group, outlined the eCommerce platform's initiatives for this year's mega sales. This included collaborating with more than 70 brands to create a visually fun brand showcase, having more than 350,000 sellers and brands participating in the sale including Lancôme, Under Armour, and Swatch, as well as launching enhanced shoppertainment content.
Deeming the 11.11 mega sale to be "the graduate examination" of all its strategies and initiatives over the year, the brand is seen to have acted swiftly to the crisis. According to Joseph Chua, chief commercial officer of Aiken Digital, the brand acted promptly and responsibly by informing all the users of the data breach, the moment it found out about the incident, as such this is unlikely to impact their Single’s Day sales. "Lazada clearly followed a well defined, properly executed crisis playbook. Lazada made it mandatory for all users to reset their password the next day. This shows that all these contingencies were in place,” he added.
Dhawal Shah, director of digital marketing agency 2Stallions echoed Chua’s sentiments that the breach is unlikely to have an impact on the Single’s Day sales. “First,Lazada has informed consumers that it’s a separate external server that’s specific to RedMart. Moreover, it has come clean and shared what it has done to close the breach and any next steps we should take,” he said. Shah added that given Single’s day is more so associated with Lazada than Redmart, although both are owned by the same entity, the impact is probably going to be minimal.
Lazada's communication plan is well-aligned with PR players' rule book when it comes to data breaches as well.
Adding to the conversation, Kelvin Koo, former CEO of FALCON, said consumers are unlikely to be deterred from shopping on Lazada during the 11.11 sales despite the data breach because they have not suffered any personal damage (yet) from the breach. So during the sale, the consumer will still be focused on finding the best deals, whether it is from RedMart, NTUC, or Amazon. They will most likely not be focused on which company protects their data better.
Having said that, Koo said the breach highlights a growing trend that brands should be concerned about, specifically how they deal with legacy/outdated data as they move to new systems and platforms. "I think as an industry, there needs to be better governance and enforcement over how 'old data' is handled as we have seen too often, including the SingHealth case, where the vulnerability came from a 'decommissioned' database, he added.
Koo also said similar to any crisis, Lazada should ensure consumer trust is not lost through this data breach by controlling the narrative and stamping out misinformation. They should also show a commitment to rebuilding trust by highlighting steps being taken to ensure the customer their data is safe. If Lazada can do these two things well in their communication to their consumers, all will be forgotten and forgiven very easily, according to Koo.
In a previous conversation with MARKETING-INTERACTIVE, Pamela Tor Das, managing director, LEWIS Singapore said should a breach occur, transparency and speed are key to a brand’s reaction - both of which has been done swiftly by Lazada. Additionally, Nadia Chan, general manager, PR Communications, added that brands should always aim to be the first source of information for the public when a breach occurrs. This will allow them to control the narrative around the issue, before news of it spreads quickly on mainstream media or through word of mouth, she added.
Data breaches on the rise
The rise in data breaches has been prevalent in recent years. According to Yeo Siang Tiong, general manager for Southeast Asia at Kaspersky, phishing attacks targeting businesses in Singapore has increased by 61% from 55,653 in the first half of 2019 to 89,351 in the same period in 2020. Singapore is not the only country witnessing this rise, with similar patterns of growth tracked across other countries such as Indonesia, Malaysia, Philippines, Thailand and Vietnam. “Considering that phishing attacks are often conducted with the purpose of stealing user data and gaining access to accounts, such statistics lend credibility to the observation that we are seeing more data breaches happening in recent years,” Yeo said.
Moreover, the rise of eCommerce nowadays means there is a “wealth of customer data” available online for cybercriminals to harvest. Therefore, Yeo said there is “an urgent need” for brands to enhance their cybersecurity posture.
Agreeing that all brands are equally vulnerable to cyberattacks is Kerry Singleton, managing director, cybersecurity, Asia Pacific, Japan and China, at Cisco. Although he acknowledges that smaller businesses can sometimes be an easier target as they may not have the enterprise-class security built in, Singleton is of the view that no businesses are spared from being a potential target. “Today, any company that requires an internet or VPN connection and involves customer information has a chance of falling prey to a data breach,” he said.
Noting the rise of breaches, most recently the Singapore government proposed to issue a fine of up to 10% of a company’s annual turnover in Singapore, or SG$1 million (whichever is higher), should a company be found guilty of a data breach. This comes following a slew of data breaches in the recent months from companies such as ShopBack, Razer, RedDoorz, and Shopify. The local government also had several lapses of data breaches in recent times, including the leak of over 800,000 blood donors' personal particulars due to mishandling of data by a vendor of the Health Sciences Authority.
Lazada's data breach, however, is not deterring Lazada's plans around investing in its digital efforts and helping its online sellers grow their business. Just today, it announced a tie-up with Google to launch free training courses for its online sellers. Ahead of the busy holiday shopping season, the partnership aims to provide small retailers with more educational resources to improve their online presence, especially during this challenging year.
As part of the partnership, small businesses across Southeast Asia can access free short courses by Lazada University as well as new interactive mini-courses via the Google Primer app. The training courses will cover topics such as business strategy and digital marketing and will help address barriers of entry to starting an online shop. According to a press release, Lazada merchants can also access the co-created content directly on the Lazada University Portal, with curriculums tailored for each country. They can also participate in sessions conducted by Google experts that are live-streamed on the Lazada University site.
Jon Chin, regional head of seller growth and engagement at Lazada added that it expects a peak onboarding season during and after its upcoming mega sales campaigns, and this partnership can help equip sellers with digital skills in a short period of time, which will enable them to tap into online opportunities and ride on the year end holiday season to boost their sales.
With so many pieces of content online, how do you grab the attention of your online audience and get them fully engaged in your brand message and experience. To learn the tips and tricks, join our Viral Content Creation: Convert Readers into Customers masterclass.