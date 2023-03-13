SINGAPORE: Restaurant reservation platform eatigo has been fined S$62,400 after a database containing the personal data of around 2.8 million users was put up for sale on an online forum.

Names, emails, telephone numbers, encrypted passwords, Facebook ID numbers and tokens – which allowed access to users’ Facebook and eatigo accounts – were affected in the data breach.

The company had effectively lost track of the legacy database when it migrated to its current online platform in 2018, said Deputy Commissioner of the Personal Data Protection Commission (PDPC) Yeong Zee Kin in a written judgment released on Friday (Mar 10).

The data leak only came to the authority's attention in October 2020.

The PDPC found that the company had failed to implement reasonable security arrangements to protect its users' personal data.

Eatigo had left the database “exposed to a risk of unauthorised access and exfiltration for a protracted period of time”, Mr Yeong wrote. It also impeded investigations by responding in an "uncooperative and evasive manner” to the PDPC’s notices to produce specified information and documents.

Furthermore, eatigo did not implement basic data protection processes or conduct security audits of its IT infrastructure, which might have led to the discovery of the leaked database.