ShopBack says consumer 'cashback is safe' despite data breach

Cashback reward app ShopBack has reported a data breach, which involved unauthorised access to its systems which contained customers’ personal data. In a statement released on its official website, ShopBack said its has since removed the unauthorised access and engaged cyber security specialists to assess the extent of the incident, as well as tightened the monitoring of internal logs to ensure heightened detection of unauthorised access, if any were to occur. It added that it has notified its customers as well as the Personal Data Protection Commissioner of the incident.

According to the online platform, it is currently confirming which data has been compromised. However, it has no reason to believe that any of its consumers' personal data has been misused, even though the possibility still exists. It assured consumers that their cashback is safe, and that their account password is protected by encryption.

The statement also said that ShopBack does not have any additional data that consumers did not directly provide. "Apart from your email addresses (or alternative login IDs) and limited transactional information, ShopBack does not require you to provide information to us that is not related to our specific services or campaigns," the company added. The types of data that consumers may have provided include their name, contact information, gender, date of birth, and bank account numbers for those who cash out to their bank accounts. ShopBack cautioned consumers who have provided their bank account numbers to be wary of potential phishing attacks.

ShopBack is not the only platform to experience a data breach in recent weeks. Hospitality company RedDoorz also said one of its IT databases suffered a breach earlier last week, according to The Straits Times. The article added that at the time of writing, "no sensitive data pertaining to financial information, such as customer credit cards or passwords, was compromised to the best of [RedDoorz's] knowledge". The company also added that it is investigating the situation and conducting a "thorough review" of its systems.

Last week, Shopify also alerted the public of a data breach, caused by two "rogue members of its support team" were engaged in a scheme to obtain customer transactional records of certain merchants. In a statement on its website, Shopify said it had immediately terminated these individuals’ access to its Shopify network and referred the incident to law enforcement. It is also currently working with the FBI and other international agencies in their investigation of these criminal acts.

In yet another case, tech company Razer experienced a data breach which allegedly exposed 100,000 Razer customer data. The breach was found by cyber security consultant "Volodymyr 'Bob' Diachenko", who said in his LinkedIn post that the exposed information includes full name, email, phone number, customer internal ID, order number, order details, billing and shipping address. Diachenko also added that Razer has acknowledged the "server misconfiguration", and assured that no other sensitive data such as credit card numbers or passwords were exposed. 

With data breaches becoming more and more prevalent today, last year, Prime Minister Lee Hsien Loong convened a Public Sector Data Security Review Committee to conduct a comprehensive review of data security practices across the entire public service in Singapore.  The local government has had several lapses of data breaches in recent times, including the leak of over 800,000 blood donors' personal particulars due to mishandling of data by a vendor of the Health Sciences Authority.

Join us on a three-week journey at Digital Marketing Asia 2020 as we delve into the realm of digital transformation, data and analytics, and mobile and eCommerce from 10 to 26 November. Sign up here!

(Photo courtesy: 123RF)

Related Articles:
Scoot assures no data breach from mass email glitch
Tokopedia says personal info secured despite data breach attempt
Marriott watches over data of 5.2 million customers hit by data breach