THE WHAT? L’Oréal Singapore has been issued a warning by the Personal Data Protection Commission (PDPC) following a breach of customer personal data online, according to a report by Marketing Interactive.
THE DETAILS The Singapore arm of the French beauty company was found to have operated a website that allowed customers to log in to their own personal information page. Having employed a vendor to make coding and website changes in November 2018, L’Oréal failed to check its login and caching functions and as a result consumer details were cached, allowing them to be disclosed to the next customers that logged in.
The PDPC found that L’Oréal was making relevant enquiries into the data breach and had now undertaken appropriate tests to highlight any future ramifications on website changes. However, it was not found to have included a situation when numerous users would log in after each other.
L’Oréal has avoided a fine and has instead received a warning from PDPC.
THE WHY? The data breach highlights a rising problem within Singapore, with Love Bonito having had a website infringement last year. Sephora also exposed personal data from customers using its online services in Singapore, Malaysia, Thailand, Philippines, Hong Kong, Australia and New Zealand over a two week period.