Grab Fined $10k After 21K Users’ Personal Data Was Exposed; 4th Time Grab Breached PDPA

Latest Articles

Don’t Say Bojio: Thai Halal Hot-pot Buffet in New HomeTeamNS Club House Khatib from...

As far as buffets go... This one's a clear winner. After all, it's not often that you get to see Thai,...

Taiwan Has Gone Through 200 Days Without a Single Locally Transmitted COVID-19 Case

Amidst the current epidemic, it appears that Taiwan has emerged as a beacon of hope for every other part...

Someone Oppa-fied World Leaders & Politicians With FaceApp & All Of Them Really Look...

Have you ever gone to bed wondering what world leaders would look like if they were Korean pop stars? The...

Man Who Discarded ‘Prison Tag’ in Grab Car Arrested; Had Tampered with the Tag...

Taxi drivers must find all sorts of things in their car after a long day's work. Keys, phones, food wrappers,...

7 COVID-19 Cases Today (29 Oct) & They’re All Imported Cases

November is coming, and unlike other countries that’ve spikes in their COVID-19 cases, it’s still pretty calm here. Today (29...


If Goody Feed requires you to give us your phone number and your credit card details, and somehow leaked it, it probably wouldn’t matter much because no one sane would trust us with their personal details.

But if a company like Grab were to lose your details?

That’s when the saying, shit has hit the fan, comes into play.

After all, Grab has 187 million users across 8 different countries and in Singapore, is the go-to app for private-hire rides, food delivery, and even e-wallet services.

So when it’s found that Grab has accidentally exposed 21,000 users’ personal data to risk of unauthorised access, and it’s the 4th time?

Something has to be done.

Grab Fined $10k After 21K Users’ Personal Data Was Exposed

On 10 Sep 2020, the Personal Data Protection Commission (PDPC) came to a decision regarding Grab’s latest breach, which started with their decision to update the Grab App.

The update was supposed to be patched a vulnerability within the app that’ll allow access to GrabHitch drivers’ data.

However, the update somehow exposed the details of 5,651 drivers to unauthorised access by other drivers.

In total, 21,541 drivers’ and passengers’ personal data was exposed.

The information includes:

  • Profile photos
  • Passenger names
  • Vehicle licence plate numbers
  • Wallet balances, which comprised a history of ride payments
  • Booking details, e.g. pick-up and drop-off timings
  • Driver details, e.g. total number of rides, vehicle models and makes

For the breach, Grab is fined $10,000, to be paid within 30 days.

Rolled Back The Version Within 40 Minutes

On Grab’s part, they immediately rolled back the version 40 minutes after the update.

Grab has also notified the PDPC about the breach and notified the drivers about what happened.

PDPC found Grab guilty because when a company makes any changes to its IT system, it has to implement “reasonable security arrangements”, something which Grab had failed to do.

Follow us on Telegram for more informative & easy-to-read articles, or download the Goody Feed app for articles you can't find on Facebook!

It was added that this is the second time Grab has made a similar mistake, although the previous one was done on a different system.

Grab has also admitted that they didn’t do any scoped testing before going ahead with the deployment of the update.

4th Time Grab Breached PDPA

This time, Grab has breached Section 24 of the PDPA.

This is also the fourth time Grab has breached the same section, PDPC deputy commissioner Yeong Zee Kin stated.

Grab now has 120 days to put into place “data protection by design policy” for its mobile apps.

A 34YO "old-virgin" S'porean was desperately looking for a boyfriend and surprisingly, she really found one online. But the intentions of the man will make you cry. Prepare tissue paper to watch this video based on real events:

For the uninitiated, section 24 basically says a company must protect personal data it either possesses or control by making sure it won’t be exposed to unauthorised persons.

Given how Grab is practically used in every aspect of a person’s life, especially for those who love getting extra Grab Reward Points for using the e-wallet, we hope that Grab makes their system as secure as possible.


You can read PDPC’s full verdict here.

Read Also: Police Officers Recover Woman’s $35K In Tech Support Scam But Recipient Is An ‘Unknowing Accomplice’