Singapore says Grab’s four privacy breaches since 2018 a “cause for concern”

Singapore’s privacy regulator imposed a S$10,000 ($7,311) penalty on ride-hailing company GrabCar Pte for a personal-data breach incident last year and raised the alarm on repeated violations by the unit of Grab Holdings Inc.

In August 2019, an update of Grab’s mobile application exposed the personal data of more than 21,500 users to the risk of unauthorised access, according to the Personal Data Protection Commission. The breach, which included the profile pictures, names, wallet balance of users and vehicle plate numbers, was related to GrabHitch, a service that allows carpooling.

The glitch was fixed in less than an hour, according to the report. Still, the company should have had “properly scoped pre-launch tests” of the update before deployment, the commission said, adding that it was Grab’s fourth personal data violation since 2018.

“Given that the organisation’s business involves processing large volumes of personal data on a daily basis, this is a significant cause for concern,” Yeong Zee Kin, deputy commissioner for the Personal Data Protection Commission, said in the announcement dated September 10.

Singapore is among a handful of Asian countries with comprehensive data protection rules. Multinationals that do business in Singapore must follow its Personal Data Protection Act, which requires companies to get user consent before collecting or using personal data.

GrabCar posted revenue of S$67.5 million and a loss of S$119.7 million in 2018, according to its most recent filings with Singapore regulators.

Grab, which has operations in 351 cities across eight countries in Southeast Asia, has diversified into digital offerings such as food delivery and financial technology services. The mobile application had more than 187 million downloads, according to a statement on the company’s website.

Grab’s cooperation with the investigation and prompt, forthcoming responses to queries was a “mitigating factor” when arriving at the penalty amount, the regulator said. For Grab’s mobile applications, the regulator ordered a so-called data protection by design policy — where developers consider data and privacy issues at the design phase — within 120 days.

Bloomberg

Singapore Reporter/s

In Singapore, we are looking to double our reporting team by this year-end to comprehensively cover the fast-moving world of funded startups and VC, PE & M&A deals. We want reporters who can tell our readers what is really happening in these sectors and why it matters to markets, companies and consumers. The ability to write precisely and urgently is crucial for these roles. Ideal candidates must have to ability to work in a collaborative, dynamic, and fast-changing environment. We want our new hires to be digitally savvy and ready to experiment with new forms of storytelling. Most importantly, we are looking for hard-hitting reporters who work well in a team. Collaboration and collegiality are a must.

Following vacancies can be applied for (only in Singapore).

Following vacancies can be applied for (only in Singapore).   

  • A reporter to track companies/startups that have raised private capital, and have the potential to become unicorns. SEA currently has over 40 companies with a valuation of over $100 million and under $1 billion.
  • A reporter who can get behind the scenes and reveal how funding rounds are put together, or why they’ve failed to materialise. She/he in this role will largely focus on long-format stories. 
  • A journalist to track special situations funds, distressed debt and private credit (from the PE angle) across Asia.

Singapore Reporter/s

In Singapore, we are looking to double our reporting team by this year-end to comprehensively cover the fast-moving world of funded startups and VC, PE & M&A deals. We want reporters who can tell our readers what is really happening in these sectors and why it matters to markets, companies and consumers. The ability to write precisely and urgently is crucial for these roles. Ideal candidates must have to ability to work in a collaborative, dynamic, and fast-changing environment. We want our new hires to be digitally savvy and ready to experiment with new forms of storytelling. Most importantly, we are looking for hard-hitting reporters who work well in a team. Collaboration and collegiality are a must.

Following vacancies can be applied for (only in Singapore).

Following vacancies can be applied for (only in Singapore).   

  • A reporter to track companies/startups that have raised private capital, and have the potential to become unicorns. SEA currently has over 40 companies with a valuation of over $100 million and under $1 billion.
  • A reporter who can get behind the scenes and reveal how funding rounds are put together, or why they’ve failed to materialise. She/he in this role will largely focus on long-format stories. 
  • A journalist to track special situations funds, distressed debt and private credit (from the PE angle) across Asia.