IKEA Singapore apologises for leaking customers’ email IDs in EDM

IKEA Singapore has apologised for leaking customers’ email addresses in a promotional mailer. In a statement to Marketing, an IKEA spokesperson confirmed that it inserted about 410 customers’ email addresses in the “To” field in an IKEA service delivery promotion email. As such, recipients of the mailer were able to see the IDs of other recipients.According to IKEA, these were customers who were eligible for a home delivery promotion/gift card. Apart from visible email addresses, the spokesperson clarified that no personal customer data was shared. While IKEA was quick to notify consumers impacted by the leak, its follow up email contained an internal draft of the apology, said the spokesperson, adding that this subsequent email was sent to half of the recipients. He explained that a co-worker sent out a draft version of the letter to 190 people, and the company later apologised for the oversight and said it was in a haste to notify customers of the EDM error.“Confidence and trust in our company, including our data protection policies is important to us and we will look at and implement effective ways to prevent this from happening again, through reviews of procedures, technology and training,” the IKEA spokesperson said.IKEA has also informed the Personal Data Protection Commission of Singapore (PDPC), which highlights that organisations should ensure consensus of individuals when collecting, using or disclosing their personal data.Recently, there have been similar personal data breaches in Singapore. Sephora was also hit by a cyber attack last week that impacted consumers across Southeast Asia, Australia and New Zealand. Offering a complimentary personal data monitoring service through a third-party provider, the beauty company also apologised for the breach and said to have reviewed its security systems.Just last month, F&B operator Spize and insurance company AIA were fined SG$20,000 and SG$10,000 respectively by the PDPC for varying causes of breaches. Meanwhile in May, Singapore Red Cross was hacked, compromising personal data of 4,297 interested donors. Name, contact number, email, declared blood type, preferred appointment date/time, and preferred location for blood donations were some of the information that was accessed by the hacker.