Singaporean e-commerce platform Carousell faces S$58,000 (RM206,150) in fines for two data breaches compromising millions of users’ personal information.
Carousell fined for 2022 data breach
The Personal Data Protection Commission (PDPC) of Singapore found that Carousell failed to implement adequate security measures, leading to the leaks, which affected users across several Southeast Asian countries.
A data breach compromised the information of over 44,000 users in Singapore, Malaysia, Indonesia, Taiwan, and the Philippines. The exposed information included usernames, email addresses, phone numbers, and location data.
The second and more concerning breach involved the data of a staggering 2.6 million users. A system migration process at Carousell resulted in user data being offered for sale on an online forum.
Investigations revealed that Carousell’s shortcomings in data protection included a lack of proper documentation for its systems. Furthermore, investigations also pointed towards insufficient testing procedures before the system migration. These lapses allowed unauthorized access to user data and subsequent leaks.
The PDPC emphasised the importance of data protection and the need for organizations to implement robust security measures to safeguard user information. Moreover, they highlighted the significance of conducting thorough assessments and implementing appropriate controls to prevent such incidents.
For more news like this, stay tuned to us at Adam Lobo TV.
Source: CNA
