TAIPEI (Taiwan News) — Personal data of up to 900,000 customers of Breeze Center, a department store chain in Taipei, was reportedly breached in a cyberattack, reports said Wednesday (Feb. 22).
Hackers are said to have been peddling information they stole from Breeze Center on cybercrime forum BreachForums. The stolen data included details of the company’s business operations and the accounts and passwords of 900,000 customers whose transaction activities were exposed, UDN reported.
The department store confirmed the hack, saying it was recently blackmailed by anonymous senders. It stressed, however, that there was a discrepancy between the data leaked and what was stored in the company’s database, suggesting there could be other institutions being hacked, according to CNA.
The company has reacted by temporarily halting its loyalty program and asking for a change of password for its registered customers, the report said.
A joint probe was launched by the ministries of digital affairs and economic affairs on Thursday (Feb. 23), said Digital Minister Audrey Tang (唐鳳). The incident has revived the talk about the need for better and coordinated supervision of data breach events, as some are governed by Cyber Security Management Act (資通安全管理法) and others by Personal Data Protection Act (個人資料保護法).
The two regulations appear to be overlapping in some aspects and the fact that the penalties stipulated by the Personal Data Protection Act are more lenient has drawn criticism. A maximum fine of NT$200,000 (US$6,565) is incurred for companies failing to protect the information of their clients.
The act should be amended, Tang urged, while an overhaul should be conducted for competent authorities to enhance the management of data associated with citizens.