SINGAPORE – The personal information of 4,749 KrisShop customers was exposed to an unknown party after a phishing attack targeted an employee account of the Singapore Airlines’ in-flight retailer.
Personal data exposed included names, e-mail addresses, residential addresses, contact numbers and KrisShop e-voucher numbers.
The bank account numbers of about 165 customers, as well as the KrisFlyer account numbers of 17 people, were also exposed.
“Based on our investigations, the data did not include any password or credit card information, as the files did not include such information,” a KrisShop spokesman told The Straits Times on Thursday (March 17).
On March 8, KrisShop discovered that one of its employees’ work account was illegally accessed by an external party due to a phishing attack.
The spokesman did not give details of the attack and the identity of the external party.
“The affected account was locked as soon as we were alerted to the phishing attack, and investigations began immediately,” said the spokesman.
“Upon further investigations, we found that files containing data involving 4,749 individuals may have been exposed due to this incident.”
The Personal Data Protection Commission was notified on March 10, after the information required for KrisShop to make a report was verified internally by the company.
Apologising to affected customers for the incident, KrisShop said it is in the process of contacting them and will be offering any assistance that…