Singapore: Personal Data Protection Commission investigation into Ezynetic over alleged failure to protect personal data (Case No. DP-2406-C2585 )
Progress
Current status
in force
03 Jul 2025 in force
26 Jun 2024 under deliberation
Scope
Implementers
Singapore
Policy Area
Data governance
Policy Instrument
Data protection regulation
Regulated Economic Activity
software provider: other software
Government Branch
executive
Government Body
data protection authority
Implementation Level
national
Timeline of events
Personal Data Protection Commission issued ruling in its investigation into Ezynetic over alleged failure to protect personal data (Case No. DP-2406-C2585)
On 3 July 2025, Singapore’s Personal Data Protection Commission (PDPC) issued a preliminary decision against Ezynetic,, a Software-as-a-Service (SaaS) provider for licensed moneylenders, following a ransomware attack in June 2024 that led to the exf…
Event type
investigation
Action type
ruling
Government branch
executive
Government body
data protection authority
Personal Data Protection Commission announced investigation into Ezynetic over alleged failure to protect personal data (Case No. DP-2406-C2585)
On 26 June 2024, the Personal Data Protection Commission (PDPC) commenced an investigation under section 50(1) of the Personal Data Protection Act 2012 (PDPA) into Ezynetic, a Software-as-a-Service provider for licensed moneylenders, following a dat…
Event type
investigation
Action type
announcement
Government branch
executive
Government body
data protection authority