Over 40,000 Goldheart customers’ data allegedly leaked online; SG authorities investigating

By David Sun

The database was shared on hacking forums and the Dark Web around May 20. — The Straits Times/ANN

SINGAPORE: Hackers have leaked a database they claim contains the personal details of more than 40,000 customers of local jewellery chain Goldheart.

The database was shared on hacking forums and the Dark Web around May 20 and appears to contain the records of those who signed up for an online account with Goldheart from 2015 to 2022.

Checks by The Straits Times found that the database contained names, addresses, phone numbers, email addresses and users’ dates of birth.

All of the database’s user entries, which numbered over 40,000, had email addresses and birth dates.

In the posts sharing the database, hackers claimed it contained the details of 42,000 Goldheart customers.

However, ST found that less than 4,000 of the entries contained phone numbers and addresses.

Several hundred entries also appeared to be fake and contained spam messages.

In response to queries from ST, the Personal Data Protection Commission (PDPC) said it will be investigating.

A spokesman said: “PDPC is aware of the case. We have reached out to Goldheart for more information and will be investigating.”

Goldheart is a subsidiary of jewellery retailer Aspial, which also owns Lee Hwa Jewellery and pawnbroker Maxi-Cash.

According to its Facebook page, Goldheart is one of the largest local jewellery chains here, with more than 20 boutiques.

ST has contacted Goldheart for comment.

It was reported earlier in May that the PDPC ordered the Law Society to plug security gaps after a ransomware attack compromised the information of 16,009 members in 2021.

PDPC’s investigation also uncovered poor password practices for an IT administrator account, which had “Welcome2020lawsoc” as its password.

The PDPC separately also fined online furniture store FortyTwo S$8,000 for a data breach in 2021.

The breach resulted in the leak of personal particulars belonging to 6,339 customers, including credit card details of 98 customers.

In another judgment, Kingsforce Management Services was found to have breached its obligation to protect personal data after its database of 54,900 job seekers was compromised and sold on a hacking forum in December 2021.

External cybersecurity investigators identified outdated website coding technology as the cause of the incident, and the PDPC ordered the firm to ensure that regular patching, updates and upgrades take place for all software and firmware supporting its website and application. – The Straits Times (Singapore)/Asia News Network

×

Related stories:

S’pore online grocer fined S$72,000 after addresses, partial credit card info of nearly 900,000 people leaked

Gaming firm Razer wins lawsuit against IT vendor over data leak, awarded S$8.7mil in damages

Carousell investigating how many Malaysians affected by data breach

S’pore organisations among most targeted in the world by ransomware attacks, study says

Follow us on our official WhatsApp channel for breaking news alerts and key updates!

   

Report it to us.

Next In Tech News
India's Wipro beats Q4 revenue estimates
Japanese doctors demand damages from Google over ‘groundless’ reviews
Meta releases beefed-up AI models
Explainer-Bitcoin's 'halving': what is it and does it matter?
Netflix slips after stopping subscriber tally report, downbeat Q2 revenue forecast
Japanese AI tool predicts when recruits will quit jobs
US ‘swatting’ pranks stoke alarm in election year
Tech neck is a pain in more than just the neck
Shopper put phone under woman’s skirt, US cops say. Then police checked store video
Crypto fans count down to bitcoin's 'halving'

Trending in Tech

Others Also Read

Load more

Copyright © 1995- Star Media Group Berhad [197101000523 (10894-D)]

Best viewed on Chrome browsers.