Singaporean e-commerce site ShopBack has notified its customers that it become aware of an incident that involved “unauthorized” access to their systems which contained sensitive data including customer information.

While details of the extent of the unauthorized access are still not clear, the company is confident that none of their customer’s personal data has been misused, but adds that the possibility for that still exists.

“What we can assure you of is that your cashback is safe, your ShopBack account password is protected by encryption and we do not collect credit card details,” they add in an email sent to customers.

While ShopBack does not collect credit card information, it does have contact information, gender, date of birth and other information that customers have provided voluntarily.

Customers’ cashback balances or unutilized vouchers were also not affected by the incident, said ShopBack in an FAQ page on its mobile app.

And while there are encryption and protection on passwords, the site is suggesting that users change their passwords on their site. This is especially important if you use the same combination username and password on other sites.

Despite the announcement, business operations have been unaffected, and customers can still claim and redeem their vouchers and balances as of this time.

ShopBack has already started a thorough investigation of the data breach and is already cooperating with Singaporean authorities to find the cause.

“We immediately initiated an investigation and engaged leading cybersecurity specialists to assess the extent of the incident and to further enhance our security measures,” said ShopBack, adding that it was also collaborating with relevant authorities.