Over 40,000 Goldheart customers’ data allegedly leaked online; SG authorities investigating

The database was shared on hacking forums and the Dark Web around May 20. — The Straits Times/ANN

SINGAPORE: Hackers have leaked a database they claim contains the personal details of more than 40,000 customers of local jewellery chain Goldheart.

The database was shared on hacking forums and the Dark Web around May 20 and appears to contain the records of those who signed up for an online account with Goldheart from 2015 to 2022.

Checks by The Straits Times found that the database contained names, addresses, phone numbers, email addresses and users’ dates of birth.

All of the database’s user entries, which numbered over 40,000, had email addresses and birth dates.

In the posts sharing the database, hackers claimed it contained the details of 42,000 Goldheart customers.

However, ST found that fewer than 4,000 of the entries contained phone numbers and addresses.

Several hundred entries also appeared to be fake and contained spam messages.

In response to queries from ST, the Personal Data Protection Commission (PDPC) said it will be investigating.

A spokesman said: “PDPC is aware of the case. We have reached out to Goldheart for more information and will be investigating.”

Goldheart is a subsidiary of jewellery retailer Aspial, which also owns Lee Hwa Jewellery and pawnbroker Maxi-Cash.

According to its Facebook page, Goldheart is one of the largest local jewellery chains here, with more than 20 boutiques.

ST has contacted Goldheart for comment.

It was reported earlier in May that the PDPC ordered the Law Society to plug security gaps after a ransomware attack compromised the information of 16,009 members in 2021.

PDPC’s investigation also uncovered poor password practices for an IT administrator account, which had “Welcome2020lawsoc” as its password.

Separately, the PDPC also fined online furniture store FortyTwo S$8,000 for a data breach in 2021.

The breach resulted in the leak of personal particulars belonging to 6,339 customers, including credit card details of 98 customers.

In another judgment, Kingsforce Management Services was found to have breached its obligation to protect personal data after its database of 54,900 job seekers was compromised and sold on a hacking forum in December 2021.

External cybersecurity investigators identified outdated website coding technology as the cause of the incident, and the PDPC ordered the firm to ensure that regular patching, updates and upgrades take place for all software and firmware supporting its website and application. – The Straits Times (Singapore)/Asia News Network
