Singapore’s Privacy Watchdog Issues Two Fines

Written by: Richard Sheinis, Esq.

Singapore’s Personal Data Protection Commission (“PDPC”) has assessed two large fines against companies for data breaches.  The telecommunications company, Tingtel, has been fined $25,000 for a data breach involving its My Singtel mobile app.  A problem in the design of the mobile app allowed My Singtel users to potentially access other customers’ accounts.  This exposed the billing information, of up to 330,000 subscribers.

In another action, Ninja Logistics, operator of delivery start-up, Ninja Van, was fined $90,000 for leaving up to 1.26 million users’ data exposed on the internet.  Customers who used the order tracking function on the Ninja Logistics website were able to enter the tracking number of another user and view the user’s name, address, and signature if the user’s package delivery status was set to “completed.”

Ninja Logistics was aware of this vulnerability, and had tried to fix it, but was not successful.  Although there was no evidence of personal information being exfiltrated or used maliciously, PDOC stated it was inexcusable that Ninja Logistics did not implement a security arrangement to protect the personal data.