At a glance.
- Customer data breach at KrisShop.
- Voter information data breach in the Philippines.
Shopping the not-so-friendly skies.
Singapore Airlines' in-flight retailer KrisShop has disclosed that customer data were exposed after a phishing attack led to the breach of an employee account. The compromised data include the names, email addresses, street addresses, phone numbers, and e-voucher numbers of nearly five thousand shoppers. The bank account numbers of approximately 165 customers were also exposed, as well as the KrisFlyer account numbers of seventeen users. The attack was detected on March 8, and the Personal Data Protection Commission was notified on March 10. A KrisShop spokesperson told the Straits Times, "The affected account was locked as soon as we were alerted to the phishing attack, and investigations began immediately.” He added that the exposed files were encrypted.
Voter data breach in the Philippines under investigation.
Lawmakers confirmed yesterday that a security breach of the Philippines Commission on Elections’ (Comelec) service contractor, Smartmatic, potentially exposed voter data. The announcement follows approximately two months of investigations after reports alleging intruders had infiltrated Comolec’s servers and stolen more than 60 gigabytes of information connected to the May 2022 elections. The threat actors also accessed internal data including network diagrams, IP addresses, privileged user lists, and domain admin credentials. The Manila Bulletin reports that the subsequent probe included three hearings, one of which was a closed-door session involving Comelec, Smartmatic, the National Bureau of Investigation, and the Department of Information and Technology. Still, there appears to be some lingering debate even among officials, as Senator Imee Marcos, chairperson of the Joint Congressional Oversight Committee on the Automated Election System, said she would not describe the incident as a hack, while Senate President Vicent “Tito” Sotto said “technically, it was a hacking.” Smartmatic spokesperson Christopher Louie Ocampo contradicted the lawmakers’ report, claiming that the contractor merely provides the automated election system and does not store or process any 2022 election voter data. The investigation is ongoing.