Cloud Security Risk for Retail Companies: Why Ignoring Best Practices Could be Costly – The Redmart Story

In September 2020, the Singapore-based online grocery store Redmart experienced a data breach that exposed the personally identifiable information (PII) of over 890,000 of its customers. The breach, which occurred due to a misconfigured AWS cloud resource, resulted in the exposure of customer names, passwords, and partial credit card numbers.


According to an article, Redmart's internet-facing web server was connected to a storage server that was neither encrypted nor password-protected. All of this ran under an AWS account with high privileges.

The consequences of this breach were significant for Redmart and its customers. In addition to potential identity theft and other forms of fraud, the company faced significant reputational damage and financial losses. As a result, the company was required to notify the affected customers and regulatory authorities and implement additional security measures to prevent similar incidents from occurring in the future.


One of the key compliance implications of this breach is the potential for regulatory fines and penalties. In Singapore, the Personal Data Protection Commission (PDPC) has the authority to levy fines for data breaches that involve the unauthorized disclosure of PII. In this case, Redmart was fined S$72,000 (a little over $50,000) for violating the Personal Data Protection Act (PDPA).


In addition to regulatory fines, Redmart risks legal action from affected customers. In cases where companies fail to adequately protect customer PII, they can be sued for damages, such as the cost of credit monitoring or identity theft protection services.


The Redmart data breach serves as a cautionary tale for businesses of all sizes that use the cloud and store sensitive data. It highlights the importance of properly configuring and securing cloud storage systems, controlling access to the account and the ..
