I heard that there was unauthorized access to your RedMart database. What happened?
On 29 October 2020, our cybersecurity team discovered a data security incident involving unauthorised access to a RedMart-only database hosted on a third-party service provider ("Database"). We immediately disabled such access to the Database, commenced investigations into the incident, and took steps to enhance our security measures.
How did Lazada discover the breach/cyberattack?
Our cybersecurity team discovered the data security incident on 29 October 2020, during the course of regular proactive monitoring.
What data is compromised by this incident?
The data security incident resulted in unauthorised access to the database which contained personal data of RedMart customers (which was last updated in March 2019), including names, phone numbers, email and mailing address, encrypted passwords and partial credit card numbers.
The data is more than 18 months out of date, and is not linked to any current Lazada database. Hence, none of Lazada's current customer data is affected by this data security incident.
Is my credit card safe?
Your credit card information is generally safe as we do not store your full 16-digit card number and CVV on any of our systems which are required for payment. Nonetheless, we recommend that you keep vigilant and monitor for any unusual activity or suspicious transactions on your credit cards.
How do I know if my account was affected?
If your account was affected, we will reach out to you directly via e-mail. As a precautionary measure, all affected customers have been logged out of their existing accounts and will be required to create a new password on their next login.
Is my Lazada account safe to use? Will it be affected?
Lazada's current customer data is not affected by this data security incident. Our operations are not affected and you may continue to access your Lazada account safely. For security tips to better protect yourself online, please see "What can I do to protect myself and my data?”.
Have you reported this to the authorities?
Yes, we have also voluntarily reported this incident to Singapore’s Personal Data Protection Commission. We are also in touch with other relevant authorities, including the Singapore Police Force, and will continue to work closely with them.
What is Lazada doing to protect its customers?
All existing passwords are protected by encryption. As a precautionary measure, all affected customers have been logged out of their existing accounts and will be required to create a new password on their next login.
Protecting the data and privacy of our users is of utmost importance to us. We are working closely with the relevant authorities on this incident and remain committed to providing the necessary support to all our users.
What can I do to protect myself and my data?
Your existing Lazada account password is protected by encryption. As a further security measure, we recommend that you change your password. Please click here for steps on how to change your password.
Please also continue to be on the alert for spam emails requesting personal or sensitive information, as well as any unusual activity. Lazada does not request customers to verify their personal information. If you receive any calls claiming to be from Lazada or RedMart asking for payment information, credit card numbers, or any other confidential information, you should hang up. Do not provide any information to the caller.
Some additional tips:
Can I trust Lazada/RedMart with my data going forward?
Lazada places great importance on protecting your personal information, and we value the trust you have placed in us. We want to be transparent about this incident with all of our customers and reassure you that we are taking it very seriously. We are fully committed to taking the necessary steps to minimize the risk of a similar incident occurring in the future.
How can I contact Lazada/RedMart if I have further questions/concerns?
If you have any further questions about the incident, you may also reach out to our Customer Service Agents via chat to assist you.