Singapore’s privacy regulator imposed a $10,000 penalty on ride-hailing company GrabCar Pte for a personal-data breach incident last year and raised the alarm on repeated violations by the unit of Grab Holdings Inc.

In August 2019, an update of Grab’s mobile application exposed the personal data of more than 21,500 users to the risk of unauthorized access, according to the Personal Data Protection Commission. The breach, which included the profile pictures, names, wallet balance of users and vehicle plate numbers, was related to GrabHitch, a service that allows carpooling.

The glitch was fixed in less than an hour, according to the report. Still, the company should have had “properly scoped pre-launch tests” of the update before deployment, the commission said, adding that it was Grab’s fourth personal data violation since 2018.

To continue reading,

Sign in to access this Premium article.

Subscription entitlements:

Less than $9 per month
3 Simultaneous logins across all devices
Unlimited access to latest and premium articles
Bonus unlimited access to online articles and virtual newspaper on The Edge Malaysia (single login)

Stay updated with Singapore corporate news stories for FREE

Follow our Telegram | Facebook