Club 21 waits two weeks before alerting Singapore customers to personal data breach

Club 21 logoAn attack by hackers on the computer servers of a popular luxury brand in Singapore has placed its customers’ personal information – including their passport numbers, addresses and sales history – at risk.

The hack on fashion brand Club 21 was revealed after the company’s Singapore general manager, Yip Tien Tien, sent an email to its customers this afternoon.

The breach took place two weeks ago, on 19 May, according to the company. Those mainly affected were customers who signed up to Club 21’s loyalty programme before October 2009.

The email stated:

I am writing to inform you that on 19 May, 2014, Club 21 learnt of an illegal attack on one of our computer servers, resulting in unauthorised access to data that included some customer information. Upon discovery of this attack, we promptly reported the incident to the Singapore Police Force. We also immediately triggered our incident response process. The break-in point was swiftly identified and closed; access to the data was removed. 

Our ongoing investigations show that the attack may have affected some personal information you might have provided to us, such as obsolete membership card number, name, gender, NRIC/Passport number and date of birth, as well as address, telephone number and email address. In a few limited cases, income range and past sales data were also affected. Much of this was partial in nature.

A contact of Mumbrella’s, who runs a local marketing agency, said that she was not confident that the Club 21 hadn’t lost more sensitive data such as a customer’s credit card information.

A commenter on Facebook questioned why companies in Singapore required such detailed information from their customers, such as passport numbers and dates of birth.

The email from Club 21 assured its customers that credit card information, membership data, member passwords, e-commerce sites and Facebook data were not compromised by the breach.

The brand stated: “Club 21 and the Singapore authorities treat such attacks seriously and we are working actively with the Technology Crime Division of the Police and an external computer forensics firm to conduct a thorough investigation of this criminal act.”

The company warned its customers to be careful with their personal data, and apologised for the breach.

“We are sorry this incident occurred. We value the trust you have placed in us by providing your personal information so that we may serve you better. For over forty years, our top priority has been to deliver exceptional customer service. This commitment is driving us to do everything possible to address this incident and to prevent this from happening again.”


Get the latest media and marketing industry news (and views) direct to your inbox.

Sign up to the free Mumbrella Asia newsletter now.



Sign up to our free daily update to get the latest in media and marketing