SINGAPORE: A breach at Cycle & Carriage's database has affected about 147,000 records containing customer information, the car distributor said on Friday (Aug 1).
In response to CNA's queries, a spokesperson from Cycle & Carriage said that it was alerted on Jul 14 to "unauthorised access" into its customer relationship management system by a threat actor who downloaded some customer information.
"About 147,000 data records are affected. Most of the downloaded records have missing or partial information," added the spokesperson.
The affected data records may contain names and contact information - such as email addresses and phone numbers - with about 2 per cent of them containing National Registration Identity Card (NRIC) numbers and deposit amounts.
No banking or credit card information was divulged, the spokesperson said.
"Once we became aware of the incident, we have taken measures to prevent further unauthorised access to the system.
"A thorough investigation was carried out and forensic experts were activated to look into the possible causes of this unauthorised access," the spokesperson added.
Apologising to affected customers, Cycle & Carriage said that the company has internal processes, protocols, and training in place to support data governance and cyber hygiene, but will continue to "review and refine these as needed" in light of the incident.
The firm has lodged a police report and notified the Personal Data Protection Commission (PDPC).
It has also begun to inform affected customers in batches from Wednesday.
In an email sent to a customer on Thursday, which CNA has seen, the firm referred to a "cybersecurity incident" and added that it was still investigating the full scope of the breach.
Customers were advised to be cautious of phishing activities or suspicious requests for personal information.
CNA has reached out to PDPC and the Cyber Security Agency of Singapore (CSA) for comment.
Continue reading...
In response to CNA's queries, a spokesperson from Cycle & Carriage said that it was alerted on Jul 14 to "unauthorised access" into its customer relationship management system by a threat actor who downloaded some customer information.
"About 147,000 data records are affected. Most of the downloaded records have missing or partial information," added the spokesperson.
The affected data records may contain names and contact information - such as email addresses and phone numbers - with about 2 per cent of them containing National Registration Identity Card (NRIC) numbers and deposit amounts.
No banking or credit card information was divulged, the spokesperson said.
"Once we became aware of the incident, we have taken measures to prevent further unauthorised access to the system.
"A thorough investigation was carried out and forensic experts were activated to look into the possible causes of this unauthorised access," the spokesperson added.
Apologising to affected customers, Cycle & Carriage said that the company has internal processes, protocols, and training in place to support data governance and cyber hygiene, but will continue to "review and refine these as needed" in light of the incident.
The firm has lodged a police report and notified the Personal Data Protection Commission (PDPC).
It has also begun to inform affected customers in batches from Wednesday.
In an email sent to a customer on Thursday, which CNA has seen, the firm referred to a "cybersecurity incident" and added that it was still investigating the full scope of the breach.
Customers were advised to be cautious of phishing activities or suspicious requests for personal information.
CNA has reached out to PDPC and the Cyber Security Agency of Singapore (CSA) for comment.
Continue reading...