Poh Heng Jewellery data breached. Reports say that customers’ personal information may have been compromised.
Poh Heng Jewellery recently informed its customers about a data breach that took place on March 25th.
The company promptly reported the incident to the police and the Personal Data Protection Commission.
In response to CNA’s inquiry, Ezekiel Chin, the data protection officer at Poh Heng Jewellery, stated on Saturday that the unauthorized access might have exposed members’ personal information.
“Upon discovery, we took prompt action to secure our system and have since reported the incident to the Personal Data Protection Commission (PDPC) and Singapore Police Force (SPF),”
“We have also confirmed that no passwords and payment information were leaked.”
Said Mr Chin.
When questioned about why the affected users were not notified when the data breach was initially discovered, Mr. Chin explained that the primary focus at that time was to immediately secure the company’s database and prevent any further compromise of data and platforms.
“We also needed time to consolidate findings to report to PDPC and SPF to support and facilitate their investigations.
“While this may have taken time, it allowed us to better communicate steps taken to contain and resolve the situation to our affected members.
Said Chin.
Poh Heng Jewellery Data Breach Contains Personally Identifiable Information
Upon checking on Saturday afternoon, it was observed that Poh Heng’s website was unavailable with a notice stating, “We are currently upgrading our website to enhance your experience.”
In a letter shared on Reddit and sent to customers, Poh Heng’s Group CEO, Eugene Goh, acknowledged that an unauthorized party had gained access to customers’ personal data.
This potentially compromised information such as names, telephone numbers, email and residential addresses, member IDs, as well as the date of birth and country of residence.
“Please be assured that we do not store any financial information in your transaction with Poh Heng,” read the letter.
“There is also no evidence to suggest that user passwords have been accessed.”
The customers were advised to be cautious and closely monitor their accounts with any organization for any signs of suspicious or unusual activity.
“We recommend that you remain vigilant against phishing attempts, especially with regard to clicking on links that may direct you to malicious websites where your passwords or other personal information may be requested”.
“Data security and user privacy are of utmost importance to us, and we will thoroughly review our platform and data protection processes to enhance safeguards against future attacks.”
Poh Heng is actively collaborating with relevant teams and experts to conduct a thorough investigation into the data breach incident.