Singapore authorities are investigating a data breach on the local e-commerce cashback platform ShopBack after the company made public an incident involving unauthorized access to customers’ personal data.

A spokesman for the privacy watchdog of the Personal Data Protection Commission said he was notified of the incident. “Investigations are ongoing,” he added.

ShopBack said it learned of unauthorized access to its systems that contained customers’ personal data “a few days ago”. He was still investigating what data had been compromised.

“So far, we have no reason to believe that any of your personal data has been misused, however, the possibility still exists,” said the company, apologizing for the incident.

“What we can guarantee is that your refund is safe … Your credit cards are safe, as we do not store your 16-digit card number or CVV in any of our systems.”

ShopBack said that customer account passwords are encrypted, but suggested that they change as an “additional precautionary measure”.

“We also suggest that you do not use the same password on other digital platforms,” he said while committing to taking steps to minimize the risk of a similar incident occurring again in the future.

ShopBack, is the # 1 rewards platform in the Asia Pacific. Using the rewards and discovery platform, users earn cashback, while offering performance-based marketing to merchants. The company started in Singapore in 2014, ShopBack has expanded to Malaysia, Indonesia, the Philippines, Thailand, Taiwan, Australia, and, most recently, Vietnam and Korea. In Singapore, the company has also extended its service offering with ShopBack GO, an app-based reward platform for in-store shopping, dining, and entertainment.