Singapore: Personal Data Protection Commission issued ruling in its investigation into Ezynetic over alleged failure to protect personal data (Case No. DP-2406-C2585)

Personal Data Protection Commission issued ruling in its investigation into Ezynetic over alleged failure to protect personal data (Case No. DP-2406-C2585)

On 3 July 2025, Singapore’s Personal Data Protection Commission (PDPC) issued a preliminary decision against Ezynetic,, a Software-as-a-Service (SaaS) provider for licensed moneylenders, following a ransomware attack in June 2024 that led to the exf…

Scope

Policy Area

Data governance

Policy Instrument

Data protection regulation

Regulated Economic Activity

software provider: other software

Implementation Level

national

Government Branch

executive

Government Body

data protection authority

Complete timeline of this policy change

Hide details

2024-06-26

under deliberation

On 26 June 2024, the Personal Data Protection Commission (PDPC) commenced an investigation under se…

2025-07-03

in force

On 3 July 2025, Singapore’s Personal Data Protection Commission (PDPC) issued a preliminary decisio…

Description

Personal Data Protection Commission issued ruling in its investigation into Ezynetic over alleged failure to protect personal data (Case No. DP-2406-C2585)

Scope

Complete timeline of this policy change