Singapore Says Grab’s Fourth Privacy Breach Is Concerning
- Personal data regulator imposes S$10,000 penalty on GrabCar
- GrabCar ordered to set up ‘data protection by design’ policy
A GrabCar driver uses the Grab app on a smartphone in Singapore.
Photographer: Ore Huiying/BloombergThis article is for subscribers only.
Singapore’s privacy regulator imposed a S$10,000 ($7,311) penalty on ride-hailing company GrabCar Pte for a personal-data breach incident last year and raised the alarm on repeated violations by the unit of Grab Holdings Inc.
In August 2019, an update of Grab’s mobile application exposed the personal data of more than 21,500 users to the risk of unauthorized access, according to the Personal Data Protection Commission. The breach, which included the profile pictures, names, wallet balance of users and vehicle plate numbers, was related to GrabHitch, a service that allows carpooling.