Decision of PDPC

Dear customer,

We refer to our Notice of Data Breach released on 21 June 2022.

We have received the official written decision by Personal Data Protection Commission (PDPC) published on 10 Nov 2023 and fully accept the decision as well as the imposed financial penalty of $82,000. We sincerely apologise to our valued customer for the incident and express our gratitude for your understanding and support.

To address the situation promptly, we have engaged the services of an IT forensic investigation firm to effectively eliminate the ransomware and also carry out a comprehensive risk assessment. It is reassuring to note that their investigation did not detect any leaks or misuse of the encrypted data.

We immediately initiated our internal investigation and implemented necessary measure to address the situation, working closely with our IT vendors and liaising with PDPC. Furthermore, we had made applicable changes to strengthen the security of our company’s computer systems and diligently followed the remediation steps set out by PDPC to enhance our systems and safeguard our customers’ data.

We take our responsibility very seriously when it comes to safeguarding our customers’ data. We will maintain constant vigilance to prevent any recurrence of such incidents.