SINGAPORE — Following M1’s suspension of pre-orders for the new iPhone 6 and iPhone 6 Plus because of a potential website breach, the Personal Data Protection Commission (PDPC) said it has contacted the telco and is investigating the matter.

Responding to media queries, a PDPC spokesperson said: “Under the Personal Data Protection Act, organisations are required to make reasonable security arrangements to protect personal data in their possession or under their control in order to prevent unauthorised access, collection, use or similar risks.”

Although pre-orders of the telco’s first batch of the iPhone 6 Plus were snapped up by Monday evening, remaining M1 customers who had wished to pre-order the much sought-after handsets had suddenly found that they could not do so on the telco’s site.

The company ceased all pre-orders for the new iPhones after it was alerted to a potential security loophole by one of its customers — a computer science postgraduate student who said he was able to hack into the site and access personal data of the telco’s customers.

To protect its customers’ personal information, M1 stopped all pre-orders on the site temporarily. M1 said it resumed accepting pre-orders 12 hours later and that the potential security breach has been rectified.

“M1 places the utmost priority in protecting our customer data and privacy and has implemented strict processes and procedures to safeguard customer information including regular security audits. We will be conducting a full review on this incident and we sincerely apologise for the inconvenience caused,” said the telco in a Facebook post yesterday.