Bakery Worked with the Personal Data Protection Commission to Investigate Breach

On 21 September 2021, the Personal Data Protection Commission (“the Commission”) fined Seriously Keto Pte. Ltd. (“Seriously Keto”) a penalty of $8,000 over its breach of its personal data protection obligations under the Personal Data Protection (“PDPA”). In particular, the Commission found that Seriously Keto had failed to implement appropriate security measures in order to […]

Personal Data Protection Commission Allowing Fine to Be Paid in Installments

The Personal Data Protection Commission (“the Commission”) fined Sendtech Pte. Ltd. (“Sendtech”) a penalty of $9,000 through 12 installments following a finding that it had breached its obligations under the Personal Data Protection Act 2021. On 13 February 2021, Sendtech informed the Commission of an unauthorized access to its Amazon Web Services (“AWS”) account through […]

Online Marketplace Vindicated from Cyberattack

On 14 May 2021, Carousell Pte. Ltd. (“Carousell”) informed the Personal Data Protection Commission (“the Commission”) about an incident of unauthorized access to its users’ accounts due to a “credential stuffing” attack. Credential stuffing refers to a type of cyberattack where a cybercriminal accesses user accounts from one organisation using the usernames and passwords stolen […]