Grab Fined $10k After 21K Users’ Personal Data Was Exposed; 4th Time Grab Breached PDPA

Latest Articles

Pilot to Reopen Nightclub & KTV Has Been Deferred Indefinitely Due to Increase in...

Less than 24 hours ago, Education Minister and face of the fight against COVID-19 Lawrence Wong posted this on...

Installing CCTV Outside Your HDB Flat Without Approval is Apparently Not Allowed

Remember the Punggol neighbour from hell? Over two years, six families on the same floor moved out because of her...

30 COVID-19 Cases Today (19 Jan); 4 Are Community Cases

The number of daily community cases has doubled today. Today (19 Jan), as of 12pm, the Ministry of Health (MOH)...

Lion Dances Will be Banned at Markets & Homes This Year; Troupes’ Earnings to...

If you hear the clashing of loud cymbals and see colourful lions dancing upright in the streets, you know...

Case of 33 Elderly Who Died After Taking COVID-19 Vaccine in Norway Isn’t Related...

When the COVID-19 vaccine was first announced to be approved and available for Singaporeans last month, we all breathed...

If Goody Feed requires you to give us your phone number and your credit card details, and somehow leaked it, it probably wouldn’t matter much because no one sane would trust us with their personal details.

But if a company like Grab were to lose your details?

That’s when the saying, shit has hit the fan, comes into play.

After all, Grab has 187 million users across 8 different countries and in Singapore, is the go-to app for private-hire rides, food delivery, and even e-wallet services.

So when it’s found that Grab has accidentally exposed 21,000 users’ personal data to risk of unauthorised access, and it’s the 4th time?

Something has to be done.

Grab Fined $10k After 21K Users’ Personal Data Was Exposed

On 10 Sep 2020, the Personal Data Protection Commission (PDPC) came to a decision regarding Grab’s latest breach, which started with their decision to update the Grab App.

The update was supposed to be patched a vulnerability within the app that’ll allow access to GrabHitch drivers’ data.

However, the update somehow exposed the details of 5,651 drivers to unauthorised access by other drivers.

In total, 21,541 drivers’ and passengers’ personal data was exposed.

The information includes:

  • Profile photos
  • Passenger names
  • Vehicle licence plate numbers
  • Wallet balances, which comprised a history of ride payments
  • Booking details, e.g. pick-up and drop-off timings
  • Driver details, e.g. total number of rides, vehicle models and makes

For the breach, Grab is fined $10,000, to be paid within 30 days.

Rolled Back The Version Within 40 Minutes

On Grab’s part, they immediately rolled back the version 40 minutes after the update.

Grab has also notified the PDPC about the breach and notified the drivers about what happened.

PDPC found Grab guilty because when a company makes any changes to its IT system, it has to implement “reasonable security arrangements”, something which Grab had failed to do.

It was added that this is the second time Grab has made a similar mistake, although the previous one was done on a different system.


Grab has also admitted that they didn’t do any scoped testing before going ahead with the deployment of the update.

4th Time Grab Breached PDPA

This time, Grab has breached Section 24 of the PDPA.

This is also the fourth time Grab has breached the same section, PDPC deputy commissioner Yeong Zee Kin stated.

Grab now has 120 days to put into place “data protection by design policy” for its mobile apps.

For the uninitiated, section 24 basically says a company must protect personal data it either possesses or control by making sure it won’t be exposed to unauthorised persons.

Given how Grab is practically used in every aspect of a person’s life, especially for those who love getting extra Grab Reward Points for using the e-wallet, we hope that Grab makes their system as secure as possible.


You can read PDPC’s full verdict here.

Read Also: Police Officers Recover Woman’s $35K In Tech Support Scam But Recipient Is An ‘Unknowing Accomplice’

Like writing? Goody Feed is looking for writers! Click here for more info!