Option Gift, a firmed based in Singapore, has been fined $4,000 by the Personal Data Protection Commission (PDPC) due to a technical error resulting to the leak of the personal data of more than 400 national servicemen.
In a report published by The Independent, the country’s the Personal Data Protection Commission (PDPC) revealed on June 6, Thursday, that it discovered that Option Gift had violated section 24 of the Personal Data Protection Action, which states that every organisation must secure personal data they have collected by practising security measures that prevent “unauthorised access, collection, use, disclosure, copying, modification, disposal, or similar risks”.
The leaked data includes the log-in identifications, e-mail addresses, addresses, and contact details of a total of 427 Singapore Armed Forces (SAF) and Home Team.
The said men have been reported to have used Option Gift’s online portal, the Uniquerewards. The platform enables national servicemen to redeem credits from service-linked rewards, which are given in appreciation by the Ministry of Defence (MINDEF) and the Ministry of Home Affairs (MHA) for a serviceman’s outstanding performance or for a celebration for a certain event, such as child’s birth.
As explained by The Straits Times, the Personal Data Protection Commission (PDPC) found out that the information leak was due to a technical error, in which the firm’s programme script, which is supposed to generate confirmation messages for users who had requested redemptions, had sent the e-mails intended for individual servicemen to almost everyone by mistake.
The country’s privacy watchdog maintained that Option Gift, being the administrator of the portal, is in full possession and control over the leaked information. Thus, the firm takes full responsibility for the security of the online platform.
“In this regard, the Commissioner found that the Organisation had failed to conduct sufficient testing before rolling out the programme script,” the PDCP report adds.
However, the PDPC report also noted that commissioner Tan Kiat How took into consideration mitigating factors, such as Option Gift’s effort to inform the affected NSmen about the breach on the same day the leak happened, along with the different corrective measures the firm practised. As a token of apology, all the affected national servicemen were also given a gift voucher of $80 in July last year.
“The commissioner has not set out any further directions for the organisation given the remediation measures already put in place,” the report added.
Without these factors, Option Gift could have been charged $1 million for its failure to protect the personal data it has collected.