RedMart, a Singapore-based online grocery platform, is the latest victim of a data breach incident that allegedly exposed personal data and records of about 1.1 million customers. Lazada, the parent company which owns RedMart, claimed that unknown threat actors illicitly accessed the RedMart-only database, which is hosted on a third-party service provider. The incident may have potentially exposed users’ sensitive information like name, mailing address, encrypted passwords, and partial credit numbers.
The breach was found while Lazada’s security experts were carrying out their regular proactive monitoring check. Lazada informed the customers about the breach and logged them out from their accounts, asking them to create new passwords for precautionary measures. “We have taken immediate action to block unauthorized access to the database. For the avoidance of doubt, Lazada’s current data is not affected by this incident. This RedMart-only information is more than 18 months out of date and not linked to any Lazada database,” Lazada said in a statement.
The company also reported the incident to Singapore’s Personal Data Protection Commission and the Singapore Police Force for further investigation.
Lazada recommended its users to practice certain security measures. These include:
- If you receive any calls claiming to be from Lazada or RedMart asking for payment information, credit card numbers, or any other confidential information, you should hang up. Do not provide any information to the caller.
- Please also continue to be on the alert for spam emails requesting personal or sensitive information, as well as any unusual activity.
- Never share confidential information with anyone over the phone, email, or text, even if they claim to be someone you know.
- Delete messages from numbers or names you do not recognize.
- Change your passwords frequently and avoid using the same email and password combination across different services.
