The penalty, assessed by the Personal Data Protection Commission (PDPC), the Singapore government agency responsible for personal data protection, stemmed from an incident last year when Grab’s mobile app exposed information of more than 21,500 users.
Bloomberg reported the breach was related to an update of GrabHitch, the company’s carpooling service. It included names, vehicle license plate numbers and wallet balances of users.
While the PDPC said the glitch was fixed in less than an hour, it also said Grab should have tested the update before it was allowed to be installed by users, Bloomberg reported. In addition, the panel said that it was Grab’s fourth personal data violation in two years.
“Given that the organization’s business involves processing large volumes of personal data on a daily basis, this is a significant cause for concern,” Yeong Zee Kin, deputy commissioner for the PDPC, said in a statement, Bloomberg reported.
A group of insurance companies, including Hong Kong-based AIA Group Limited, a publicly-traded life insurance group; Prudential PLC, a British global life insurance and financial services company; and others are expected to reach agreements as early as October, sources told Reuters.
If a deal between Grab, AIA and Prudential is signed, it would fuel Grab’s financial services products.
“Finalizing new funding during these times could also help Grab in its sales pitch for the Singapore banking license,” a source told Reuters.
In August, Grab expanded its services by offering consumer loans in Singapore along with wealth management products. The strategy, called “Thrive with Grab,” is designed to tap into the region’s vast market where more than 70 percent of Southeast Asians lack bank accounts.
In June, Grab’s online grocery shopping delivery service expanded to a sizable share of the Southeast Asian market as it added Cambodia to its list of countries serviced by its GrabMart shopping and delivery app, now available in eight Southeast Asian countries and 50 cities.