JPDP to look into number of Malaysians affected by ShopBack data breach

The company, which offers cashback rewards for online shopping, said that its services and business operations have not been affected by the incident. — ANGELIN YEOH/The Star

PETALING JAYA: The Department of Personal Data Protection (JPDP) said it will seek feedback from ShopBack Cashback Sdn Bhd regarding the number of Malaysians that may have been affected following a recent personal data breach involving the company.

JPDP in a statement said ShopBack had discovered an incident involving unauthorised access to its systems containing customers’ personal information, such as names, contact information, dates of birth and bank account numbers, on Sept 17.

It was then notified of the situation by a representative appointed by ShopBack on Sept 25.

“The notification stated that ShopBack will begin the process of contacting its customers via email and set up a website with questions and answers (Q&A) to provide clarification, along with measures to be taken following the discovery of the breach,” JPDP said in the statement.

The government agency said it has also been informed about ShopBack’s migitation plan to prevent the breach from escalating further, and that it had been assured these plans would be able to fully contain the breach.

“The Department will also work closely with relevant authorities to measure the severity of the personal data breach in line with the Personal Data Protection Act 2010 (Act 709),” adding that the department viewed the breach as a serious matter.

In an email sent to customers on Sept 25, ShopBack said it was still confirming which data has been compromised, and it has “no reason” to believe that any personal data has been misused. However it admitted that “the possibility still exists”.

“What we can assure you of is that your cashback is safe, we do not collect credit card details, and your ShopBack account is protected by encryption,” it said, adding that it had “immediately removed” the unauthorised access after being made aware of the issue.

The company, which offers cashback rewards for online shopping, said that its services and business operations have not been affected by the incident. It advised users to change their passwords, report any suspicious emails to the relevant authorities and to stay vigilant.

“While bank account numbers do not permit third parties direct access to your bank accounts, users who have provided us with their bank account numbers should be watchful for potential phishing attacks,” it added.

In a statement to LifestyleTech, ShopBack said the investigation is still ongoing and that in the meantime customers can continue to access their account.

Article type: metered
User Type: anonymous web
User Status:
Campaign ID: 46
Cxense type: free
User access status: 3
Join our Telegram channel to get our Evening Alerts and breaking news highlights



Next In Tech News

Cryptocurrencies post 5th straight week of inflows -CoinShares
Exclusive-Netflix offers free plan in Kenya to entice new subscribers
U.S. securities regulator probes Activision over workplace practices - WSJ
States rally around proposed U.S. laws to rein in Big Tech
Coinbase scraps plans for crypto lending program
DoorDash to deliver alcohol across 20 U.S. states, Canada and Australia
Amazon investigating kickback allegation at India unit - source
Freshworks raises U.S. IPO price range, targets nearly $10 billion valuation
Cryptocurrencies slide as market selloff deepens
Twitter seeks to settle 2016 class action lawsuit for $800 million

Stories You'll Enjoy