Club 21 waits two weeks before alerting Singapore customers to personal data breach
An attack by hackers on the computer servers of a popular luxury brand in Singapore has placed its customers’ personal information – including their passport numbers, addresses and sales history – at risk.
The hack on fashion brand Club 21 was revealed after the company’s Singapore general manager, Yip Tien Tien, sent an email to its customers this afternoon.
The breach took place two weeks ago, on 19 May, according to the company. Those mainly affected were customers who signed up to Club 21’s loyalty programme before October 2009.
The email stated:
I am writing to inform you that on 19 May, 2014, Club 21 learnt of an illegal attack on one of our computer servers, resulting in unauthorised access to data that included some customer information. Upon discovery of this attack, we promptly reported the incident to the Singapore Police Force. We also immediately triggered our incident response process. The break-in point was swiftly identified and closed; access to the data was removed.
Our ongoing investigations show that the attack may have affected some personal information you might have provided to us, such as obsolete membership card number, name, gender, NRIC/Passport number and date of birth, as well as address, telephone number and email address. In a few limited cases, income range and past sales data were also affected. Much of this was partial in nature.
A contact of Mumbrella’s, who runs a local marketing agency, said that she was not confident that the Club 21 hadn’t lost more sensitive data such as a customer’s credit card information.
A commenter on Facebook questioned why companies in Singapore required such detailed information from their customers, such as passport numbers and dates of birth.
The email from Club 21 assured its customers that credit card information, membership data, member passwords, e-commerce sites and Facebook data were not compromised by the breach.
The brand stated: “Club 21 and the Singapore authorities treat such attacks seriously and we are working actively with the Technology Crime Division of the Police and an external computer forensics firm to conduct a thorough investigation of this criminal act.”
The company warned its customers to be careful with their personal data, and apologised for the breach.
“We are sorry this incident occurred. We value the trust you have placed in us by providing your personal information so that we may serve you better. For over forty years, our top priority has been to deliver exceptional customer service. This commitment is driving us to do everything possible to address this incident and to prevent this from happening again.”
Dear Mumbrella Team, thank you for your posting and we have noted your concerns. Upon discovery of this attack, we promptly reported the incident to the Singapore Police Force and immediately triggered our incident response process. . The break-in point was swiftly identified and closed; access to the data was removed. Forensic analysis, however, takes time. We would like to reassure you and everyone that ongoing investigations show that credit cards and debit cards were not compromised. Member loyalty programme passwords were also not affected. For the most up-to-date and reliable information regarding this matter, please visit club21global.com/privacy2014
ReplyHave your say