The Personal Data Protection Commission fined karaoke chain K Box Entertainment S$50,000 for not having sufficient security measures during the 2014 database breach.
PDPC imposed a financial penalty of S$50,000 on karaoke chain, K Box Entertainment Group, for not having sufficient security measures to protect the personal data of 317,000 members. Details such as their contact number, email address, NRIC number and date of birth were leaked on a publicly accessible website after the company’s database was hacked.
The PDPC found that K Box did not update security patches to ensure its IT system security was sufficiently robust and it did not have a Data Protection Officer to develop or implement data protection policies. There was also weak control of access to personal data.
A financial penalty of S$10,000 was also imposed on the IT vendor in charge of K Box’s content management system, Finantech Holdings, for failing to implement proper and adequate protective measures for the personal data in the system it had built and managed for K Box, PDPC said. Continue reading “PDPC takes action against 11 firms for data privacy breaches”