OG MEMBER NOTICE ON SECURITY INCIDENT

Dear Valued OG Members,

We write to inform you that on 4 January 2022, we were notified of an alleged data breach of a database containing information on OG Basic and Gold members.

Our preliminary investigations indicate that the database, which had been stored and managed by an external third-party membership portal service provider, was indeed compromised. While the extent of the incident is still being investigated, we are informing you now so that you can take appropriate steps expeditiously to protect your online credentials, as we explain further below.

We swiftly reported the matter to the police and other relevant authorities, including the Personal Data Protection Commission and the Cybersecurity Agency of Singapore. We are also working with our service provider as well as cybersecurity consultants and intend to fully investigate the breach, secure the database and take all necessary action to prevent recurrence.

Affected information

Data that may potentially have been compromised include OG Basic and Gold members’ names, mailing addresses, email addresses, mobile numbers, genders, dates of birth, cryptographically-hashed NRIC data as well as cryptographically-hashed passwords to the member accounts.

The potentially compromised data did NOT include:

  1. any unencrypted NRIC numbers. We have in any event not collected any NRIC data since 2019.
  2. any financial information, such as credit card numbers. OG has never stored any financial information of our customers.

The data breach was limited and confined to one isolated database on our members. It does NOT affect any past or future purchases made at OG or at our online stores on og.com.sg or Shopee.

Affected individuals should be alert to phishing or impersonation attempts. For members who have re-used their OG membership password across different websites or platforms, we recommend that you change your passwords immediately to avoid any possible compromise of your other accounts. You may also wish to enable additional security measures, such as multi-factor authentication if supported.

Immediate action taken

Since becoming aware of the incident, we have required our service provider to take immediate action to manage and remediate the breach, and ensure the database is secure. The management of OG is now working closely with our consultants and the authorities to strengthen our safeguards, systems and processes. Our priority is to make sure your data is safe.

In the meantime, customers are reminded to stay alert and vigilant. Do be on your guard against suspicious individuals contacting you by email or by phone, and do not give out any personal data to anyone whose identity you cannot verify.

Your privacy is very important to us. Should you have any questions or concerns, please reach out to us at pdp@og.com.sg.