SINGAPORE: A total of 4,749 KrisShop customers’ personal data “may have been exposed” after a phishing attack, the retailer said on Thursday (Mar 17).
The data potentially includes the names, email addresses, addresses, contact numbers, and e-voucher numbers belonging to these individuals, KrisShop said in response to CNA’s queries.
Of the 4,749 customers, the bank account numbers of about 165 individuals, as well as the KrisFlyer account number of 17 people, may have also been exposed.
EMPLOYEE’S ACCOUNT ILLEGALLY ACCESSED
On Mar 8, KrisShop learnt that an employee’s work account was illegally accessed by an external party as a result of a phishing attack.
The affected account was locked as soon as KrisShop was alerted to the phishing attack, and investigations began.
“Based on our investigations, the data did not include any password or credit card information, as the files did not include such information,” said the retailer.
The affected KrisShop e-vouchers have been cancelled and replaced.
After KrisShop reviewed its systems and processes together with Singapore Airlines, the retailer established that it was an “isolated incident that arose due to human error”, and that none of its other databases or systems have been compromised.