Singapore: Grab’s fourth privacy breach Is concerning


A woman is seen standing outside the Grab transport office in Singapore. Singapore’s privacy regulator imposed a S$10,000 (US$7,311) penalty on ride-hailing company GrabCar Pte for a personal-data breach incident last year and raised the alarm on repeated violations by the unit of Grab Holdings. - AFP

SINGAPORE, Sept 13 (Bloomberg): Singapore’s privacy regulator imposed a S$10,000 (US$7,311) penalty on ride-hailing company GrabCar Pte for a personal-data breach incident last year and raised the alarm on repeated violations by the unit of Grab Holdings Inc.

In August 2019, an update of Grab’s mobile application exposed the personal data of more than 21,500 users to the risk of unauthorized access, according to the Personal Data Protection Commission.

The breach, which included the profile pictures, names, wallet balance of users and vehicle plate numbers, was related to GrabHitch, a service that allows carpooling.

The glitch was fixed in less than an hour, according to the report. Still, the company should have had "properly scoped pre-launch tests” of the update before deployment, the commission said, adding that it was Grab’s fourth personal data violation since 2018.

"Given that the organisation’s business involves processing large volumes of personal data on a daily basis, this is a significant cause for concern,” Yeong Zee Kin, deputy commissioner for the Personal Data Protection Commission, said in the announcement dated Sept. 10.

Singapore is among a handful of Asian countries with comprehensive data protection rules. Multinationals that do business in Singapore must follow its Personal Data Protection Act, which requires companies to get user consent before collecting or using personal data.

GrabCar posted revenue of S$67.5 million and a loss of S$119.7 million in 2018, according to its most recent filings with Singapore regulators.

Grab, which has operations in 351 cities across eight countries in South-East Asia, has diversified into digital offerings such as food delivery and financial technology services. The mobile application had more than 187 million downloads, according to a statement on the company’s website.

Singapore’s Grab Joins Battle for Consumer Financial ServicesGrab Accelerates Expansion of Deliveries Across Southeast AsiaGrab Raises US$850 Million to Expand Into Financial ServicesGrab’s cooperation with the investigation and prompt, forthcoming responses to queries was a "mitigating factor” when arriving at the penalty amount, the regulator said.

For Grab’s mobile applications, the regulator ordered a so-called data protection by design policy -- where developers consider data and privacy issues at the design phase -- within 120 days. - Bloomberg
Article type: metered
User Type: anonymous web
User Status:
Campaign ID: 1
Cxense type: free
User access status: 3
Join our Telegram channel to get our Evening Alerts and breaking news highlights
   

Next In Aseanplus News

Seven Hong Kong activists jailed over unauthorised protest in 2020
Bali earthquake kills three, injures seven
Number of new Covid cases alarmingly high: Laos taskforce
Unesco lauds govt for heritage conservation efforts
Sembmarine apologises after Jurong dorm residents raise issues about hygiene, Covid-19 healthcare
Philippines extends voter registration hours
Thailand logs 10,648 Covid-19 cases and 82 deaths
Top Chinese doctors hint at easing of Covid-19 measures in China
Manila casino goes public in US$2.6bil deal with Ader SPAC
Experts seek ways for Vietnam to have healthier supply chain

Others Also Read


Vouchers