Business

Singtel and SPH Magazines fined for flouting data protection law

Singtel has been fined $9,000 for yet another data breach involving its My Singtel mobile app.

Singtel, SPH Magazines and Royal Caribbean Cruises (Asia) were among seven organisations that flouted the data protection law and have been fined $66,000 in total, noted the Personal Data Protection Commission (PDPC) on Tuesday.

Singtel received the penalty for failing to put in place "reasonable security arrangements" to prevent the unauthorised disclosure of personal data of some customers via its My Singtel mobile application.

In early 2018, the telco giant encountered a technical issue during its migration to a new billing system, resulting in the personal data of 750 mobile subscribers being exposed.

The PDPC considered the firm's prompt action to mitigate the impact and imposed a $9,000 penalty.

Meanwhile, SPH Magazines, a wholly owned unit of media and property group Singapore Press Holdings, was fined $26,000. SPH Magazines operates, hosts and maintains the HardwareZone forum site, an online Internet portal for members to engage in discussions.

A hacker got into the system in 2017 and accessed a senior moderator's account, which the intruder then used to retrieve the user profiles of members.

Royal Caribbean Cruises notified the PDPC last year that its vendor's system had been subject to a ransomware attack, resulting in sensitive personal data of about 6,000 of its customers being accessed.

The cyber attacker had left a ransom message demanding payment of 0.08 bitcoin for the deleted data. The operator said 25 of its employees' personal data was also compromised.

The company was fined $16,000. - THE STRAITS TIMES

BUSINESS & FINANCE