How much will victims lose if cybercriminals found and used the lost data? We are referring to Singapore’s ride-hailing data-breach!
Ride-hailing operator Grab has been fined a miniscule S$10,000 for its Aug 2019 data breach of over 20,000 passenger and driver details on their platform. This is the firm’s fourth breach, in putting highly-sensitive data for grabs:
- Profile photos and passenger names
- Vehicle registration plate numbers
- Wallet balances comprising the ride payments
- Booking details (pick up and drop off timings)
- Driver’s details like total number of rides, vehicle models and makes
Singapore’s data protection watchdog reported that GrabCar did not put in place “sufficiently robust processes” in its IT system, expressing concerns over this “particularly grave error” as it was a repeat mistake. The firm has 120 days to put together a ‘data protection plan-by-design policy’ for its mobile apps to minimize the risk of another data leaks.
Repeat offence, small fine
What do cybersecurity professionals think of this incident and the implications on data protection in the Smart Nation? According to one expert, building security into processes and corporate culture is a necessary step for every organization. On the other hand, rebuilding workflows and policies becomes much harder once teams are accustomed to particular processes.
“When security incidents happen, those who aren’t prepared—with a software security initiative or incident response plan—must then face the fallout. This usually comes in the form of running from one emergency to the next, until the time and effort is put into making their systems more resilient. However, reputational damage may not provide such a clear-cut path forward in terms of customer trust,” said Synopsys Software Integrity Group’s Senior Security Strategist, Jonathan Knudsen.
According to Knudsen, a proactive, security-first approach to business enables organizations to drive down risk and minimize disruptions. “Security is the grease that makes the whole engine run better.”
Only recently, serious data leaks were spotted elsewhere in Singapore, Australia and globally, and can cost irreparable brand damage in addition to financial losses of US$1m or more. Changes are already proposed to impose stiffer penalties, given the reputational damage to Singapore’s image as a Smart Nation.