SINGAPORE: Some Love, Bonito customers may have had their personal data leaked after a "malicious code" was found on the retailer's e-commerce website.
In an e-mail sent out to customers on Friday (Dec 13) and seen by CNA, the retailer said the code was added to its website on Tuesday.
"Based on our investigations, some of your personal information may have been exposed," said the e-mail from Love, Bonito co-founder Rachel Lim.
The personal information includes customer's first and last names, shipping addresses, dates of birth, e-mail addresses, phone numbers, order details, billing addresses, payment type and credit card information, including expiry dates and the last four digits of the credit card number.
"We have always been committed to providing our community with a safe shopping environment and sincerely apologise for this incident," she wrote.
Separately, a spokesperson for the company said it was taking the attack "very seriously" and that a "small number" of its customers have been affected.
About 3 per cent of customers may have had their personal information exposed, she said, adding that a "small number" may have had their financial data accessed.
She did not elaborate on the number of customers affected by the data breach.
"We took immediate actions to remove the malicious code and further steps to secure our systems," the spokesperson added.
NEW CREDIT MONITORING SYSTEM
Ms Lim said the company has engaged a data security expert to conduct a "forensic investigation" and will continue to review its security controls.
It has also informed the Personal Data Protection Commission and the police of the breach and is assisting them with their investigations.
The company is setting up a credit monitoring service as a precautionary measure, added Ms Lim. Customers will be sent details on how they can sign up for the service in the next few business days.
Customers have also been advised to carefully review their payment card and bank statements, to report unauthorised charges in a timely manner, and to make sure two-factor authentication (2FA) has been set up for credit cards.
"We take our obligation to safeguard your personal data very seriously and will continue to take the necessary precautions to protect your privacy," she wrote.