Personal Information of 900,000 Customers Leaked in Breeze Group App Hack
Department store operator Breeze Group reported that its database had been hacked and that it had received an anonymous extortion letter. Information on 900,000 customers and suppliers has been leaked.
The staff cleaned the entire building again before opening. Local department store operator Breeze Group operates five department stores and four food malls in Taiwan. Members can accumulate consumption points on the Breeze App. However, the company recently received an anonymous extortion letter in which the hacker claimed to have obtained the Breeze database, including the personal information, invoices and orders of 900,000 users as well as supplier data, and demanded a ransom. The company has already reported the incident to the police.
Citizen: “Generally speaking, I'm more at ease with big brands. Credit cards too. Of course, you wonder how this could happen. So in the future, maybe even big brands can't really be trusted.”
Citizen: “Just try not to leave your personal information out there. If some apps need personal information, I won't want to sign up for them.”
Breeze Group stated that it received an anonymous cyber extortion letter and immediately activated its damage control mechanism. The company's IT department has already completed software and operating system updates to strengthen its security protection. Because a hacker website has exposed the Breeze database, Breeze Group also appealed to the public not to repost or distribute the personal information, to avoid violating the law. Information security experts suggest that companies separate internal corporate data from customer data and protect each with its own firewall to reduce risk.
Cha Shih-lang, Professor, Dept. of Information Management, NTUST: “Important core systems should be isolated from the office systems used by regular staff. And you can't just connect in and change the code. At present, a lot of SMEs or some e-commerce companies are relatively lacking in this respect.”
Experts also remind the public that right after a data leak, businesses usually send messages asking members to change their passwords, so people should be especially vigilant at such times. Anyone who receives an unknown call should check with the business or call the anti-fraud hotline to avoid being deceived.