Inside L'Oréal Singapore's Personal Data Breach


The names, email addresses, postal addresses, mobile numbers and dates of birth of seven L'Oréal Singapore customers were reportedly compromised on its e-commerce website.

According to an article on Personal Data Protection Commission (PDPC) stated that after making coding changes to its website—which enabled customers to profile information, redeem vouchers and make inquiries about customer points—L'Oréal failed to run checks on its login and caching functions.

The article explained that when a customer logged into the website, their personal data would be cached and disclosed to the customer who logged in after them.

L'Oréal will only receive a warning as a result of the breach. The PDPC found that "L’Oreal had completed all necessary and appropriate tests based on the foreseeable impact of the requested changes to its website, but failed to include the foreseeable scenario of multiple users logging in sequentially."

For the full article, please visit

More in Digital/E-commerce