RedMart, an online grocery store owned by Singapore e-commerce platform Lazada, has disclosed a data breach. It said that a person had owned an old database of RedMart, which contained PII of 1.1 million of its customers like their names, phone numbers, encrypted passwords, and partial credit card data. It terminated the access and informed customers and authorities.
RedMart Disclosed Data Breach
RedMart is a Singapore-based online grocery store and is acquired by Lazada in 2018. This marked the platforms’ integration plans, as Lazada announced to join the RedMart’s database into its e-commerce platform’s database in January last year. And in March of 2019, Lazada has integrated RedMart’s database, which is now leaked.
According to Lazada’s reporting to its customers, the company has discovered that an unauthorized party owns its “legacy” database in its regular security scan. This was the database before Lazada integrated it into its in March 2019. Since it wasn’t updated since then, there’s no new information in it.
Yet, it has the personally identifiable information of RedMart’s customers like their names, mailing address, encrypted passwords, phone numbers, and the last four digits of their payment cards. Since the sensitive data, passwords, and cards aren’t fully exposed, this breach can be termed a medium but still has a considerable impact on customers.
When asked by ZDNet, Lazada said that about 1.1 million customers’ data had been involved in the breach. Thus, it warned users of monitoring their bank transactions for any suspicious payments. It has made an FAQ page to clear its customers’ doubts and terminated the access to that database.
Further, it has informed the Personal Data Protection Commission (PDPC) and is in touch with relevant authorities to investigate this incident.