Clarins has suffered a data security breach, which may have involved Singapore customers' personal information as well. According to Channel NewsAsia, the data breach was caused by a critical vulnerability in a widely used software known as Log4j. Clarins uses Log4j to manage its database containing the personal data of its Singapore customers, and became aware of the breach when a staff member was unable to access the database.
The data accessed may have included customers' personal information such as their names, addresses, emails, phone numbers and their Clarins loyalty programme status, CNA reported. However, passwords and credit card and payment information had not been breached as they were not in the server that was breached.
CNA also quoted Clarins stating that the database was promptly patched within hours of the security breach. Clarins had also reportedly said that it is working with law and security personnel to properly address the incident, and has also notified the Singapore Personal Data Protection Commission on the security breach. MARKETING-INTERACTIVE has reached out to Clarins for comment.
Clarins is not the first to fall victim to a security breach this year. Just last week, OG department store suffered a data security breach that affected members who were in the basic and gold tiers. According to The Straits Times (ST), OG was made aware of the security breach on 4 January. Preliminary investigations revealed that the database, stored and managed by an external third-party membership portal service provider, had been compromised. Data that may have been accessed included names of OG members' names, addresses, emails, phone numbers, gender and dates of birth, ST reported. Encrypted data, such as members' of NRIC numbers and passwords, may have also been accessed.
PDPC fines RedDoorz SG's site operator over data leak of 5.9m consumers
Analysis: SG govt to fine brands caught in data breaches
MyRepublic experiences data breach of nearly 80k customers
StarHub and real estate group OrangeTee fall victim to data breaches
NTUC's e2i data breach puts 30k individuals' data at risk of exposure