// Adds dimensions UUID, Author and Topic into GA4
Saturday, July 4, 2026
32.6 C
Singapore

Singapore-based firm fined S$74K for data breach due to weak password affecting over 500K users

SINGAPORE: The Personal Data Protection Commission (PDPC) has fined PPLingo S$74,000 for a data breach caused by a weak password that affected over half a million users.

The Straits Times reported that the breach in April 2022 exposed sensitive personal information, including cellphone numbers, bank account numbers, signatures, and identity card numbers of Chinese nationals.

This breach impacted 557,144 users, including more than 300,000 minors using the company’s online language lessons.

PPLingo, under the website LingoAce, offers Chinese and English language classes for children aged four to 15 worldwide. The data breach was facilitated by a weak administrator password, “lingoace123,” which had not been changed for over two years.

Based on the company’s website name, this password was compromised through brute force attacks, a method where hackers use trial and error to crack passwords.

The hacker accessed the administrator account, informed the company about the breach, and provided proof by listing the personal data of several users.

However, the hacker did not follow up with any demands, leaving the compromised data at risk. PDPC’s investigation revealed significant lapses in the company’s security measures.

Notably, PPLingo had no password policy beyond requiring a minimum length of eight characters and did not mandate password complexity or periodic changes.

In addition, the administrator account lacked multi-factor authentication, a now-standard security measure for protecting sensitive data.

The commission highlighted the firm’s failure to appoint a data protection officer (DPO) before the breach, a requirement under Singapore’s data protection laws.

The company only appointed a DPO after the incident, despite being operational since 2016.

Responding to the breach, PPLingo took remedial actions, including notifying affected users and implementing stronger security measures.

Despite these actions, the PDPC imposed the fine, highlighting the firm’s prior negligence contributed to the severity of the breach.

PPLingo requested a reduced fine, arguing that it had voluntarily notified other data protection authorities in over 40 affected locations and suggesting that the fine should consider only Singapore-based individuals.

The PDPC rejected this plea, maintaining that the firm is responsible for all personal data, regardless of the users’ locations.

PDPC announced on May 23 another penalty of S$28,000 on Horizon Fast Ferry for a separate data breach.

This Singapore-based ferry operator, which services routes between Singapore and Batam, experienced a leak affecting nearly 108,500 customers. The compromised data included passport numbers, dates of birth, and passport issue and expiry dates.

The breach at Horizon Fast Ferry was revealed in March 2023 through ransomware emails indicating that customer data had been leaked.

The company informed PDPC about the breach the following month and took steps to mitigate the impact, including hiring a vendor to develop a new website.

PDPC’s investigation found that Horizon Fast Ferry had not ensured its IT support vendor’s staff were adequately familiar with its operating system, resulting in insufficient security measures. /TISG

Read also: MOE: Parents’ & teachers’ names and e-mail addresses of 127 schools leaked after Mobile Guardian app breach

- Advertisement -

Hot this week

‘My hands were shaking’: Commuter says she was left ‘humiliated’ by bus driver after EZ-Link card failed to work when she tapped in

The commuter said, "What hurt me deeply was not the payment problem itself, but the way I was treated very very bad during that moment. I was shouted at loudly in front of many passengers while I w...

‘People say I don’t think about Singapore’: Singaporean says colleagues gave unsolicited advice about children, marriage and her relationship

SINGAPORE: Singapore's falling fertility rate is a hot topic these days, but one woman says some people have taken the national concern a little too personally. After telling her older colleagues...

Popular Categories

document.addEventListener("DOMContentLoaded", () => { const trigger = document.getElementById("ads-trigger"); if ('IntersectionObserver' in window && trigger) { const observer = new IntersectionObserver((entries, observer) => { entries.forEach(entry => { if (entry.isIntersecting) { lazyLoader(); // You should define lazyLoader() elsewhere or inline here observer.unobserve(entry.target); // Run once } }); }, { rootMargin: '800px', threshold: 0.1 }); observer.observe(trigger); } else { // Fallback setTimeout(lazyLoader, 3000); } });
// //
Enable Notifications OK No thanks