PDPC takes action against 11 firms for data privacy breaches

The Personal Data Protection Commission fined karaoke chain K Box Entertainment S$50,000 for not having sufficient security measures during the 2014 database breach.

PDPC imposed a financial penalty of S$50,000 on karaoke chain, K Box Entertainment Group, for not having sufficient security measures to protect the personal data of 317,000 members. Details such as their contact number, email address, NRIC number and date of birth were leaked on a publicly accessible website after the company’s database was hacked.

The PDPC found that K Box did not update security patches to ensure its IT system security was sufficiently robust and it did not have a Data Protection Officer to develop or implement data protection policies. There was also weak control of access to personal data.

A financial penalty of S$10,000 was also imposed on the IT vendor in charge of K Box’s content management system, Finantech Holdings, for failing to implement proper and adequate protective measures for the personal data in the system it had built and managed for K Box, PDPC said. Continue reading “PDPC takes action against 11 firms for data privacy breaches”

Personal data of 300,000 K Box Singapore clients surfaces online

SINGAPORE – The personal data of over 300,000 customers of karaoke chain K Box Singapore have been posted online.

At least five customers have confirmed with The Straits Times that the leaked database contains their names, addresses and mobile phone and identity card numbers, although some information is outdated. Details of celebrities who are members of the karaoke chain also appear to have been posted. K Box membership numbers and loyalty points earned were also exposed.

The leak of K Box’s membership database is being investigated by privacy watchdog, the Personal Data Protection Commission, which said it is “concerned about the scale” of the alleged breach.

Organisations must take “reasonable measures” to protect personal data in their possession, said the commission, citing privacy laws which came into force on July 2. Continue reading “Personal data of 300,000 K Box Singapore clients surfaces online”