Thai department store operator The 1 Co reports data breach exposing loyalty programme members

The 1 Co, a subsidiary of Central Group, Thailand's largest department store and shopping mall operator, is reporting a data breach affecting their loyalty programme members. No details are disclosed about exposed data types nor the timeline of the incident.

Apparently, the company was hit by a ransomware attack that exposed the data of approximately 5 million loyalty program members. The threat actors threatened to sell the stolen data after failed ransom demand. The 1 Co has implemented enhanced security measures and pledged to cooperate with both government and private organizations for additional system security assessments.

The company has also issued security advisories to their customers, warning them against sharing one-time passwords, opening suspicious links, or responding to messages from unreliable sources. Customers are specifically cautioned against engaging with individuals claiming to represent The 1 Co.

The company has issued a formal apology while maintaining that their initial internal investigation found no security system vulnerabilities.

The breach has triggered an investigation by Thailand's Office of the Personal Data Protection Commission (PDPC), with acting secretary-general Wetang Phuangsup overseeing the case. The PDPC has given The 1 Co a seven-day deadline to conduct a thorough examination of their security system and submit their findings.