The glitch was fixed in less than an hour, according to the report. Still, the company should have had “properly scoped pre-launch tests” of the update before deployment, the commission said, adding that it was Grab’s fourth personal data violation since 2018.
Singapore’s privacy regulator imposed a $10,000 penalty on ride-hailing company GrabCar Pte for a personal-data breach incident last year and raised the alarm on repeated violations by the unit of Grab Holdings Inc.
In August 2019, an update of Grab’s mobile application exposed the personal data of more than 21,500 users to the risk of unauthorized access, according to the Personal Data Protection Commission. The breach, which included the profile pictures, names, wallet balance of users and vehicle plate numbers, was related to GrabHitch, a service that allows carpooling.
