KrisShop falls prey to data breach, nearly 5k customer accounts impacted

share on

twitter /
facebook /
linkedin /
- email
- telegram
- whatsapp
- wechat
- pinterest
- line
- snapchat
- reddit

Singapore Airlines' (SIA) in-flight retailer KrisShop has suffered a data breach, which affected the personal information of 4,749 KrisShop customers. This included names, email addresses, residential addresses, contact numbers and KrisShop e-voucher numbers. Additionally, the bank account numbers of about 165 customers, as well as the KrisFlyer account numbers of 17 people, were exposed, but passwords and credit card information was not exposed as the company files did not include information.

The data breach came after a phishing attack on 8 March, by an unknown party, that targeted a KrisShop employee account. KrisShop has concluded that the breach was an isolated incident that came about due to human error, following a review of its systems and processes. It also reviewed its systems and processes together with Singapore Airlines, and concluded that the breach was an isolated

KrisShop said in a statement that the affected account was locked and investigations commenced as soon as the company was alerted to the phishing attack. The Personal Data Protection Commission was also notified of the incident on 10 March, after the information required for the report was verified internally by the company. KrisShop is currently in the process of contacting affected customers and will offer any assistance that they may require. It also cancelled and replaced all affected e-vouchers.

KrisShop has declined to comment.

KrishShop joins a list of companies that have recently suffered data breaches or have fallen victim to phishing scams. OCBC customers, for example, were subjected to a "particularly aggressive and highly coordinated" phishing scam since 3 December last year. The scam involved sending customers messages with "too good to be true" deals. OCBC's investigations confirmed that victims who had fallen prey had provided their online banking log-in credentials to phishing websites. After which, the scammers quickly transferred money out of the customers’ bank accounts. OCBC later began making goodwill payouts to customers who fell prey to the scam. The payouts, which started on 8 January 2022, were given to affected customers after thorough verification, taking into account the circumstances of each case, OCBC said in a statement then.

OCBC later launched a kill switch that enables customers to immediately freeze their accounts in an emergency. The kill switch can be activated via mobile or at about OCBC Bank ATMs in the event of a scam and will be available across all ATMs by March 2022. It also launched a dedicated channel, accessible via the bank's official number, for customers to seek assistance for incidents of suspected fraud. A specially trained customer service executive can help customers freeze all bank accounts, guide them through the process of making a police report and follow up on their banking activities after informing the bank of the fraud.

share on