L’Oreal Singapore has been issued with a warning by the Personal Data Protection Commission (PDPC) following a breach of customers’ personal data.
The company had compromised customers’ profile information due to a security failure on its eCommerce website. According to a report by Marketing Interactive, information such as names, email addresses, postal addresses, mobile numbers and dates of birth were exposed.
The PDPC said L’Oreal operated a website that had a login portal enabling customers to review their profile information, redeem vouchers and make enquiries. The company contracted a vendor to make coding changes to the site in November 2018, but failed to run checks on its login and caching functions after the coding changes were made. As a result, customers who logged into to the site had their personal cached, resulting in their details being revealed to other customers who subsequently logged in to the same page.
Rather than issuing L’Oreal with a fine, the PDPC only gave a warning to the company.