Club 21's data breach raises questions on online security again

In an online statement, luxury retail company Club 21 admitted to its site being hacked nearly two weeks ago on 19 May 2014. According to Club 21's investigations, the affected consisted of mainly customers who had signed up for the Club 21 Loyalty Programme in Singapore prior to October 2009.

In a statement to the press, the merchant said that the server was “maliciously attacked with the intent of gaining unauthorised access”.

On the two week's delay in announcing the breach, the retailer said: "Forensics analysis takes time and we wanted to be sure of our facts before we went out to the members who are our top priority. "

"Investigations are still ongoing & we will update our site information at when we have more information."

Club21’s ongoing investigations have also revealed that the attack may have affected some personal information consumers might have provided, such as obsolete membership card number, name, gender, NRIC/Passport number and date of birth, as well as address, telephone number and email address. In a few limited cases, income range and past sales data were also affected.

Much of this was partial in nature, it said.

Members have also been updated via email whether or not they were affected whilst other means of communication, such as telephone and postal mail are being utlised for those without email access.

“We are sorry this incident occurred. We value the trust you have placed in us by providing your personal information so that we may serve you better. For over forty years, our top priority has been to deliver exceptional customer service. This commitment is driving us to do everything possible to address this incident and to prevent this from happening again,” it added in the online statement.

This is not the first incident in recent times. Last year, we saw several brands being hacked including local newspaper The Straits Times and several government sites.

As digital marketing plays a bigger role in most brands’ marketing mix, security will become a very pressing concern.

“In the recent month, a series of cyber attacks occurring in succession highlights the dire consequences of having lax digital marketing security,” said Ryan Lim, founder of Blugrapes in a recent interview.

“Currently, there is a noticeably low level of awareness of digital security amongst marketers. Most marketers are not trained to fully understand the dangers and implications of not having digital protection measures,” said Lim. As a result, very little resources (if any at all) are allocated to digital marketing protection security policies.

Meanwhile, in an earlier interview, Margaret Manning of Reading Room also added that hacking can have an adverse affect on the morale within the company itself along with the brand’s reputation, and trust that its customers have for it.

“It is clear that a hack has a detrimental effect on a brand’s value, both in the immediate short-term, but also in the restoration of a brand’s value moving forward,” said Manning.

“Brands spend a lot of money on advertising and marketing; they spend time creating, reinforcing and protecting their brand. And yet, as we’ve seen, they often don’t pay enough attention to protecting that brand online, in addressing both human and technological vulnerabilities,” she added.

Read also:

10 tips to handle hacking

When hacking does your brand a favour

FB, Microsoft, Google battle hackers