Read More
Hong Kong’s privacy watchdog said its investigation has revealed that Carousell is at fault after it experienced a security breach in January last year that led to over 320,000 Hong Kong users’ data being compromised.
ADVERTISEMENT
SCROLL TO CONTINUE WITH CONTENT
The Office of the Privacy Commissioner for Personal Data said the security breach has seen data of 2.6 million users of the secondhand goods marketplace from around the world leaked, including over 320,000 from Hong Kong.
The Office said Carousell, prior to a system migration in January last year, did not assess the impact on privacy, had incomplete code review procedures, and lacked effective measures to detect abnormal activities.
As a result, it failed to prevent or detect the extraction of users’ personal data, thus violating personal data protection regulations.
Carousell has committed a ‘fundamental error’ in ensuring the security of personal data, which is disappointing, the watchdog added.
The Office said it has since requested Carousell to rectify the situation in writing, as well as provided the investigation report to the privacy watchdog in Singapore, where the company's headquarters are located.
