RedMart, an online grocery store owned by Singapore e-commerce platform Lazada, has disclosed a data breach. It said that a person had owned an old database of RedMart, which contained PII of 1.1 million of its customers like their names, phone numbers, encrypted passwords, and partial credit card data. It terminated the access and informed customers and authorities.
RedMart Disclosed Data Breach
RedMart is a Singapore-based online grocery store and is acquired by Lazada in 2018. This marked the platformsโ integration plans, as Lazada announced to join the RedMartโs database into its e-commerce platformโs database in January last year. And in March of 2019, Lazada has integrated RedMartโs database, which is now leaked.
According to Lazadaโs reporting to its customers, the company has discovered that an unauthorized party owns its โlegacyโ database in its regular security scan. This was the database before Lazada integrated it into its in March 2019. Since it wasnโt updated since then, thereโs no new information in it.
Yet, it has the personally identifiable information of RedMartโs customers like their names, mailing address, encrypted passwords, phone numbers, and the last four digits of their payment cards. Since the sensitive data, passwords, and cards arenโt fully exposed, this breach can be termed a medium but still has a considerable impact on customers.
When asked by ZDNet, Lazada said that about 1.1 million customersโ data had been involved in the breach. Thus, it warned users of monitoring their bank transactions for any suspicious payments. It has made an FAQ page to clear its customersโ doubts and terminated the access to that database.
Further, it has informed the Personal Data Protection Commission (PDPC) and is in touch with relevant authorities to investigate this incident.