Authorities Now Investigating a Potential Data Breach in ShopBack; Customers Advised to Reset Password

Criminals nowadays don’t wear ski masks and rob a bank in broad daylight; instead, they sat behind a highly powered computer to steal data.

And in the latest incident, ShopBack, the popular cashback reward program, was the target.

Authorities Now Investigating a Potential Data Breach in ShopBack

Yesterday, the homegrown company sent an email to its customers, saying that they became aware of unauthorised access to its systems which contained customers’ personal data on 17 September.

They’re still trying to find out what data has been compromised.

However, they said that as of now, there has no reason to believe that any of the customer’s personal data has been misused.

But.

The possibility still exists.

Customers’ cashback balances or unutilised vouchers were also not affected by the inciden, and credit card details are safe as they do not store any of those details on any of their systems. They said in their FAQs, “It (credit card details) is sent to our PCI-compliant payment processing partner over an encrypted connection, processed on their secure servers and we receive an encrypted “token” back from them.”

The data that would’ve been given to Shopback are the email addresses and limited transactional information, and these personal details:

  1. Name
  2. Contact Information
  3. Gender
  4. Date of Birth
  5. Identification numbers (for customers involved in the Plus! Loyalty Programme campaign which ran from 3 November 2014 to 15 January 2016)
  6. Bank account numbers (for customers who cash out to their bank accounts)

They have since removed the unauthorized access and engaged external security specialists to identify and plug immediate vulnerabilities, support ongoing investigations, and fortify their security infrastructure.

According to The Straits Times, the Personal Data Protection Commission said it has been notified of the incident and they are now investigating the incident.

ShopBack has also provided an email, [email protected] , for customers to contact them if they’ve any questions regarding this incident.

Read Also: Dee Kosh Says He’s ‘Not Gone’ & Is Merely ‘Waiting for the Police Investigations’