SINGAPORE, Aug 1 — About 147,000 customer records were compromised in a recent data breach at car distributor Cycle & Carriage in Singapore, the company confirmed today.

Responding to media queries, a Cycle & Carriage spokesperson said the firm detected unauthorised access to its customer relationship management system on July 14, where a threat actor downloaded certain customer details, according to CNA in a report published today. 

“About 147,000 data records are affected. Most of the downloaded records have missing or partial information,” the spokesperson said.

The compromised data may include names and contact details such as email addresses and phone numbers.

Around 2 per cent of the records also contained National Registration Identity Card (NRIC) numbers and deposit amounts. 

No banking or credit card details were accessed.

Cycle & Carriage, the authorised dealer in Singapore for car brands including Mercedes-Benz, Mitsubishi, Kia, Citroën and Peugeot, said it has taken steps to block further unauthorised access following the breach.

A forensic investigation has since been launched, and the company has brought in cybersecurity experts to determine the cause of the intrusion.

Cycle & Carriage has notified Singapore’s Personal Data Protection Commission (PDPC), lodged a police report, and begun informing affected customers in batches starting Wednesday.

In an email to a customer seen by CNA, the company described the incident as a “cybersecurity breach” and said it was still assessing the full extent of the damage.

Apologising to those affected, the company said it had internal protocols and training in place to safeguard data but would continue to improve these measures in light of the breach.

Customers were urged to stay alert for phishing scams and suspicious requests for personal information.

The PDPC confirmed it is investigating the case, while the Cyber Security Agency of Singapore reminded organisations to strengthen cybersecurity defences to prevent data leaks and limit their impact.