Love, Bonito has confirmed that its eCommerce website was breached on 10 December 2019. In an email to customers seen by Marketing, co-founder Rachel Lim said a malicious code was added to its online site and that the company has since removed it and took steps to secure its systems.
Based on Love, Bonito's investigations, about 3% of its customers may have possibly had their personal information exposed, out of which, a small number may have had their financial data accessed. In a statement to Marketing, a Love, Bonito spokesperson said the breach affected local and international customers, however shoppers may continue to use the site now.
"We remain committed to providing our community with a safe shopping environment. Protecting our customers’ personal information has been and will always be of utmost importance to us. We are working closely with leading cybersecurity firms to ensure we adhere to the industry standards,” the spokesperson added.
Lim apologised to shoppers in the email and said: "We have always been committed to providing our community with a safe shopping environment and sincerely apologise for this incident."
According to Love, Bonito, the Personal Data Protection Commission and the Singapore Police Force have been informed of the breach and that the company will assist the authorities in their investigations. It will also work with the relevant vendors to investigate and resolve the matter. The retail brand has since engaged a data security expert to conduct a forensic investigation of the incident and will continue to review, audit and enhance its security controls and processes.
Love, Bonito was once an online-only fashion brand and now has two physical stores in Singapore. Last year, the brand partnered with 72andSunny Singapore to refresh its image after the brand secured an additional US$13 million in Series B funding led by Kakaku.com, together with existing investor NSI Ventures. With a current team of 80, Love Bonito has presence across Singapore, Malaysia, Indonesia and Cambodia, while also shipping internationally.
Recently, there has been a number of data breaches in Singapore. In July this year, Sephora confirmed a data breach, compromising personal information of some customers who have used its online services in Singapore, Malaysia, Indonesia, Thailand, Philippines, Hong Kong SAR, Australia and New Zealand. In an email to consumers seen by Marketing, Alia Gogi, managing director SEA, Sephora said the breach occurred over the last two weeks but did not clarify the exact number of those affected.
In May, Singapore Red Cross (SRC) was hacked, compromising personal data of 4,297 interested donors. Name, contact number, email, declared blood type, preferred appointment date/time, and preferred location for blood donations were some of the information that was accessed by the hacker. However, SRC’s other databases and the Health Sciences Authority’s systems were unaffected by the incident.