Cyber Incident Victim: ShopBack

In September 2020, Singapore-based e-commerce cashback platform ShopBack disclosed a data breach involving unauthorized access to customer personal data. The incident came to public attention when ShopBack announced the breach, prompting immediate investigations by local authorities. While the exact date of the intrusion remains unspecified in public reports, ShopBack's disclosure occurred around mid-September 2020, with media coverage appearing by September 25. The company confirmed that attackers had compromised customer information but did not specify the number of affected accounts or the precise timeline of unauthorized access. ShopBack initiated incident response procedures upon detection, though the specific method of discovery remains undisclosed. The breach investigation involved coordination with relevant Singaporean regulatory bodies as part of standard breach response protocols for data protection incidents.

The confirmed impact involved exposure of customer personal data, though financial information such as credit card details and passwords reportedly remained uncompromised according to initial assessments. ShopBack issued public notifications about the breach through official channels, advising customers to remain vigilant while emphasizing that core financial systems appeared unaffected. Concurrently with ShopBack's incident, Singapore-based hospitality startup RedDoorz separately reported a database breach during the same September timeframe, though this constituted a distinct event from the ShopBack intrusion. Both incidents drew attention to cybersecurity vulnerabilities in Singapore's digital commerce sector during this period. ShopBack maintained ongoing communication with authorities throughout the investigation process while working to restore normal operations following containment of the breach.