147,000 customer records affected following data breach at Cycle & Carriage

Nanodick



Cycle & Carriage was alerted on Jul 14 to unauthorised access into its database containing customer information.

Koh Wan Ting
01 Aug 2025 02:43PM (Updated: 01 Aug 2025 04:03PM)


SINGAPORE: A breach at Cycle & Carriage's database has affected about 147,000 records containing customer information, the car distributor said on Friday (Aug 1).

In response to CNA's queries, a spokesperson from Cycle & Carriage said that it was alerted on Jul 14 to "unauthorised access" into its customer relationship management system by a threat actor who downloaded some customer information.

"About 147,000 data records are affected. Most of the downloaded records have missing or partial information," added the spokesperson.

The affected data records may contain names and contact information - such as email addresses and phone numbers - with about 2 per cent of them containing National Registration Identity Card (NRIC) numbers and deposit amounts.

No banking or credit card information was divulged, the spokesperson said.

Cycle & Carriage is the local authorised dealer for car brands like Mercedes-Benz, Mitsubishi, Kia, Citroen and Peugeot.

"Once we became aware of the incident, we have taken measures to prevent further unauthorised access to the system," the spokesperson said.

"A thorough investigation was carried out and forensic experts were activated to look into the possible causes of this unauthorised access."

Apologising to affected customers, Cycle & Carriage said that the company has internal processes, protocols, and training in place to support data governance and cyber hygiene, but will continue to "review and refine these as needed" in light of the incident.

The firm has lodged a police report and notified the Personal Data Protection Commission (PDPC).

It has also begun to inform affected customers in batches from Wednesday.

In an email sent to a customer on Thursday, which CNA has seen, the firm referred to a "cybersecurity incident" and added that it was still investigating the full scope of the breach.

Customers were advised to be cautious of phishing activities or suspicious requests for personal information.

Responding to CNA's queries, PDPC said it is aware of the incident and is investigating the case.

On the matter of personal data protection, it added that members of the public who require information can refer to its website.

When asked about the incident, the Cyber Security Agency of Singapore (CSA) also pointed to its advisory, saying that organisations need to raise their defences against common data breach vectors.

This is to reduce the risk of a data breach; organisations should also implement adequate cybersecurity measures to minimise the impact on their customers.