Over 40,000 Goldheart customers’ data allegedly leaked online; SG authorities investigating


The database was shared on hacking forums and the Dark Web around May 20. — The Straits Times/ANN

SINGAPORE: Hackers have leaked a database they claim contains the personal details of more than 40,000 customers of local jewellery chain Goldheart.

The database was shared on hacking forums and the Dark Web around May 20 and appears to contain the records of those who signed up for an online account with Goldheart from 2015 to 2022.

Checks by The Straits Times found that the database contained names, addresses, phone numbers, email addresses and users’ dates of birth.

All of the database’s user entries, which numbered over 40,000, had email addresses and birth dates.

In the posts sharing the database, hackers claimed it contained the details of 42,000 Goldheart customers.

However, ST found that less than 4,000 of the entries contained phone numbers and addresses.

Several hundred entries also appeared to be fake and contained spam messages.

In response to queries from ST, the Personal Data Protection Commission (PDPC) said it will be investigating.

A spokesman said: “PDPC is aware of the case. We have reached out to Goldheart for more information and will be investigating.”

Goldheart is a subsidiary of jewellery retailer Aspial, which also owns Lee Hwa Jewellery and pawnbroker Maxi-Cash.

According to its Facebook page, Goldheart is one of the largest local jewellery chains here, with more than 20 boutiques.

ST has contacted Goldheart for comment.

It was reported earlier in May that the PDPC ordered the Law Society to plug security gaps after a ransomware attack compromised the information of 16,009 members in 2021.

PDPC’s investigation also uncovered poor password practices for an IT administrator account, which had “Welcome2020lawsoc” as its password.

The PDPC separately also fined online furniture store FortyTwo S$8,000 for a data breach in 2021.

The breach resulted in the leak of personal particulars belonging to 6,339 customers, including credit card details of 98 customers.

In another judgment, Kingsforce Management Services was found to have breached its obligation to protect personal data after its database of 54,900 job seekers was compromised and sold on a hacking forum in December 2021.

External cybersecurity investigators identified outdated website coding technology as the cause of the incident, and the PDPC ordered the firm to ensure that regular patching, updates and upgrades take place for all software and firmware supporting its website and application. – The Straits Times (Singapore)/Asia News Network

Follow us on our official WhatsApp channel for breaking news alerts and key updates!
   

Next In Tech News

Google proposes altering contracts to correct illegal search monopoly
As elder fraud explodes, banks in the US beat back duty to call cops
Many Americans have come to rely on Chinese-made drones. Now lawmakers want to ban them
Apple seeks to defend Google's billion-dollar payments in search case
Iran lifts ban on WhatsApp and Google Play, state media says
India's push for home-grown satellite constellation gets 30 aspirants
Google Search has a surprise in store for 'Squid Game' fans
Blogs to Bluesky: social media shifts responses after 2004 tsunami
Singapore pulls ahead of Hong Kong in race to be crypto hub
Telegram profitable for first time after app pays down debts

Others Also Read