Poh Heng Jewellery says customer information accessed in data breach, no payment card information compromised

SINGAPORE — The names, phone numbers and e-mail addresses of customers of home-grown jewellery chain Poh Heng were accessed in a data breach on March 25.

Poh Heng Jewellery chief executive Eugene Goh, in a notice to customers seen by The Straits Times, said whoever was behind the breach had also accessed data on the birthdays, usernames and countries of residence of customers.

However, no payment card information was compromised because Poh Heng does not keep such data, he added.

The cyber attackers also did not get hold of user passwords, he said.

In response to queries, Poh Heng data protection officer Ezekiel Chin said reports have been lodged with the police and the Personal Data Protection Commission (PDPC).

He added that he is unable to provide details about the number of customers affected because investigations are ongoing.

Chin said: "We are working with relevant teams and experts to investigate the incident and would like to extend our sincere apologies to affected customers.

"Data security and user privacy are of utmost importance to us, and we will thoroughly review our platform and data protection processes to enhance safeguards against future attacks."

The Poh Heng Jewellery website displayed an upgrading notice and remained down when ST last checked it at 8pm.

Poh Heng was established in 1948 and has 17 stores islandwide.

In response to queries, the police said investigations are under way.

On Feb 22, 2024, online marketplace Carousell was fined $58,000 by the PDPC for two separate data breaches in 2022 that affected at least two million users.

ALSO READ: Data of over 40,000 Goldheart customers leaked on Dark Web, hacking forums

This article was first published in The Straits Times. Permission required for reproduction.