Over 40,000 Goldheart customers’ data allegedly leaked online; SG authorities investigating


The database was shared on hacking forums and the Dark Web around May 20. — The Straits Times/ANN

SINGAPORE: Hackers have leaked a database they claim contains the personal details of more than 40,000 customers of local jewellery chain Goldheart.

The database was shared on hacking forums and the Dark Web around May 20 and appears to contain the records of those who signed up for an online account with Goldheart from 2015 to 2022.

Checks by The Straits Times found that the database contained names, addresses, phone numbers, email addresses and users’ dates of birth.

All of the database’s user entries, which numbered over 40,000, had email addresses and birth dates.

In the posts sharing the database, hackers claimed it contained the details of 42,000 Goldheart customers.

However, ST found that fewer than 4,000 of the entries contained phone numbers and addresses.

Several hundred entries also appeared to be fake and contained spam messages.

In response to queries from ST, the Personal Data Protection Commission (PDPC) said it will be investigating.

A spokesman said: “PDPC is aware of the case. We have reached out to Goldheart for more information and will be investigating.”

Goldheart is a subsidiary of jewellery retailer Aspial, which also owns Lee Hwa Jewellery and pawnbroker Maxi-Cash.

According to its Facebook page, Goldheart is one of the largest local jewellery chains here, with more than 20 boutiques.

ST has contacted Goldheart for comment.

It was reported earlier in May that the PDPC ordered the Law Society to plug security gaps after a ransomware attack compromised the information of 16,009 members in 2021.

PDPC’s investigation also uncovered poor password practices for an IT administrator account, which had “Welcome2020lawsoc” as its password.

Separately, the PDPC also fined online furniture store FortyTwo S$8,000 for a data breach in 2021.

The breach resulted in the leak of personal particulars belonging to 6,339 customers, including credit card details of 98 customers.

In another judgment, Kingsforce Management Services was found to have breached its obligation to protect personal data after its database of 54,900 job seekers was compromised and sold on a hacking forum in December 2021.

External cybersecurity investigators identified outdated website coding technology as the cause of the incident, and the PDPC ordered the firm to ensure that regular patching, updates and upgrades take place for all software and firmware supporting its website and application. – The Straits Times (Singapore)/Asia News Network
