SINGAPORE – The non-public info of 4,749 KrisShop prospects was uncovered to an unknown celebration after a phishing assault focused an worker account of the Singapore Airways’ in-flight retailer.
Private knowledge uncovered included names, e-mail addresses, residential addresses, contact numbers, and KrisShop e-voucher numbers.
The checking account numbers of about 165 prospects, in addition to the KrisFlyer account numbers of 17 folks, have been additionally uncovered.
“Primarily based on our investigations, the info didn’t embrace any password or bank card info, because the information didn’t embrace such info,” a KrisShop spokesman informed The Straits Instances on Thursday (March 17).
On March 8, KrisShop found that one among its workers’ work account was illegally accessed by an exterior celebration attributable to a phishing assault.
The spokesman didn’t give particulars on the assault and the identification of the exterior celebration.
“The affected account was locked as quickly as we have been alerted to the phishing assault, and investigations started instantly,” mentioned the spokesman.
“Upon additional investigations, we discovered that information containing knowledge involving 4,749 people could have been uncovered attributable to this incident.”
The Private Knowledge Safety Fee was notified on March 10, after the knowledge required for KrisShop to make a report was verified internally by the corporate.
Apologising to affected prospects for the incident, KrisShop mentioned it’s within the means of contacting them and shall be providing any help that they could require.
The affected KrisShop e-vouchers have additionally been cancelled and changed.
Prospects who’ve any queries might also contact the retailer at KrisShopCustomerCare@krisshop.com.
The corporate has reviewed its programs and processes along with Singapore Airways, and concluded that the breach was an remoted incident that took place attributable to human error.
None of its different databases or programs had been compromised.