Personal Details of OG Department Store Customers Leaked in Latest Data Breach Incident


Put the word “leak” in front of most words, and it’ll probably sound bad. Here are a few examples:

  • Gas leak
  • Pipe leak
  • Water heater leak

Some of these leaks are quite alarming, but no phrase is as scary as the one below:

  • Data leak

After all, all your private and personal information, whether it be of a financial or sensitive nature, could have been stolen by people with malevolent intentions.

Many data breaches had been reported last year, and even though 2022 has only just begun, we already have another leak.

Personal Details of OG Department Store Customers Leaked in Latest Data Breach Incident

The names, mailing addresses, mobile numbers, and dates of birth of some OG customers may have been leaked, the department store said yesterday (6 Jan).

OG Department Store said it was notified of a data breach of a database containing OG Basic and Gold members’ information on Tuesday (4 Jan).

According to OG’s notice, the data that could have potentially been compromised include OG Basic and Gold members’ names, mailing addresses, email addresses, mobile numbers, genders, dates of birth, cryptographically-hashed NRIC data as well as cryptographically-hashed passwords to the member accounts.

It assured customers that the data breach did not include any financial information, as OG has never stored any financial information of its customers, nor any unencrypted NRIC numbers.

“The data breach was limited and confined to one isolated database on our members. It does NOT affect any past or future purchases made at OG or at our online stores on or Shopee,” it said.

Investigations Ongoing, Immediate Action Taken

OG said that its preliminary investigations confirmed the breach of the database, which had been stored and managed by an external third-party membership portal service provider.

“While the extent of the incident is still being investigated, we are informing you now so that you can take appropriate steps expeditiously to protect your online credentials, as we explain further below,” it said.

OG said it has reported the matter to the police and other relevant authorities, including the Personal Data Protection Commission and the Cybersecurity Agency of Singapore.

“Since becoming aware of the incident, we have required our service provider to take immediate action to manage and remediate the breach, and ensure the database is secure,” it added.

What Affected Customers Should Do

As for those affected, OG urged them to be vigilant and cautious, especially of suspicious individuals who try to contact them via email or phone.

“Do not give out any personal data to anyone whose identity you cannot verify,” it said.

It also urged members who have reused their OG membership passwords for different websites or platforms to change their passwords immediately to avoid any possible compromise of their other accounts.


“You may also wish to enable additional security measures, such as multi-factor authentication if supported,” it added.

Those with questions and concerns can contact OG at [email protected].

Read Also:

Featured Image: TK Kurikawa /