On March 25, Poh Heng Jewellery, a well-established jewellery retailer in Singapore experienced a data breach where customer information was accessed without authorisation. The company is actively addressing the situation to enhance their security measures and safeguard customer data.
Details of the Incident
The breach targeted the names, telephone numbers, email addresses, and additional personal details such as birthdays, usernames, and countries of residence of Poh Heng customers. However, the company confirmed that no payment card details were compromised, as such information is not retained by them. Importantly, user passwords were also not accessed during the breach.
Eugene Goh, the Chief Executive Officer of Poh Heng, shared these details in a customer notice, reassuring customers about the steps being taken to address the issue. Following the incident, the company’s website was temporarily brought offline for enhancements aimed at improving service and security.
Company Response and Investigation
Ezekiel Chin, the Data Protection Officer at Poh Heng, has engaged with both the police and the Personal Data Protection Commission (PDPC) to report the incident. As the investigation is still underway, specific details about the number of affected customers remain confidential. Poh Heng is working diligently with cybersecurity experts to strengthen their systems and prevent future breaches.
Mr Chin said: “We are working with relevant teams and experts to investigate the incident and would like to extend our sincere apologies to affected customers. “Data security and user privacy are of utmost importance to us, and we will thoroughly review our platform and data protection processes to enhance safeguards against future attacks.”
“We also needed time to consolidate findings to report to PDPC and SPF to support and facilitate their investigations.
“While this may have taken time, it allowed us to better communicate steps taken to contain and resolve the situation to our affected members.”
Implications for the Jewellery Industry
This incident underscores the importance of robust cybersecurity measures within the jewellery industry. It serves as a reminder for jewellers to continuously review and enhance their data protection practices. Implementing comprehensive security systems and regular audits, alongside staff training in data security, are critical steps in safeguarding customer information.