Starbucks Singapore has been hit by a data breach. The breach is said to affect customers in its rewards membership programme and through an email sent to customers, Starbucks said there was an "unauthorised access" to user details such as name, gender, date of birth, mobile number, email address, and residential address.
Starbucks Singapore also told MARKETING-INTERACTIVE that the breach of data may affect customers who registered an eCommerce account with the brand and had previously completed a transaction via in-app delivery or online store services.
“We have immediately taken reasonable steps to protect customer information. We are also fully co-operating with authorities on the investigation. Like all major retailers, Starbucks Singapore has safeguards in place to constantly monitor for fraudulent activity,” the spokesperson added.
As Starbucks Singapore does not share credit card information, credit card details weren't compromised. Currently the PDPA is also investigating the matter, said a report on CNA.
Meanwhile, according to The Straits Times, around 330,000 customer data was leaked and the report added that the data has been put up for sale on an online forum. ST also claimed that at present, one copy of the database has been sold with the price listed at SG$3,500.
Recently, omnichannel womenswear brand Love, Bonito also made the news for its fine of SG$24,000 over a data breach in 2019, which compromised the personal information of over 5,500 customers.
According to the Personal Data Protection Commission (PDPC), Love, Bonito's password policy for accounts allowing access to the website management software accounts was inadequate. PDPC said that the Love, Bonito had adopted the software's default security settings, such as the required password length and lockouts after a number failed attempts.
In an earlier analysis piece done by MARKETING-INTERACTIVE, PR professionals shared that data breaches can often break the trust between the consumer and the brand. Pamela Tor Das, managing director, LEWIS Singapore, told MARKETING-INTERACTIVE that once the trust is broken, consumers will become wary of providing their data with the brand in the future.
According to Kunalan Chakravarthy, chief executive of Priority Consultants Group, a data breach can whip up a perfect storm of cascading events with a broken trust being just the tip of the iceberg. Aside from risking the loss of customer confidence and loyalty, a data breach may also lead to a fall in market confidence, resulting in tumbling share prices and difficult questions to answer from investors and analysts.
So what should brands do when a breach occurs?
Well, in such a situation transparency and speed are key to a brand’s reaction. Those facing the media or customers need to find out as much information such they can such as what types of data have been impacted and ensure those impacted are contacted swiftly. It is also up to the brand to assess what would be critical data they need to capture versus other sensitive data they can omit capturing.
Experts also commented that when involved in a data breach, brands should firstly have a full grasp of the incident – when and how it happened, what data was compromised – and quickly acknowledge the issue by communicating it to customers. In such cases, putting one’s customers first is vital and practicing clear, transparent, and proactive communication with empathy is critical to rebuilding trust among them.
Love, Bonito slapped with SG$24k fine over 2019 data breach
KrisShop falls prey to data breach, nearly 5k customer accounts impacted
Harbour Plaza Hotel data breach sees 1.2m customer data leaked
PDPC fines RedDoorz SG's site operator over data leak of 5.9m consumers
MyRepublic experiences data breach of nearly 80k customers