The Straits Times reports Spize Concepts, a food and beverage outlet operator, has been fined $20,000 by Singapore’s Personal Data Protection Commission for the disclosure of 148 customers’ personal data. Names, contact numbers, and email and residential addresses on its online ordering portal were exposed in the breach, which was caused by a user making personal information publicly accessible by hacking the managing director's administrator account. In the PDPC review, it was noted that Spize relied on a service provider to handle data instead of having its own system and protocols. Deputy PDPC Commissioner Yeong Zee Kin said that Spize did not have a password policy or any data protection policies when the breach occurred.
If you want to comment on this post, you need to login.