The short story:
HOSPITALITY platform RedDoorz was found to have leaked the details of 5.9 million customer records in the largest data breach incident since Singapore’s Personal Data Protection Act came into force. The root cause was traced to the API key embedded in the mobile app that the developers used.
Even if ReDoorz had several pentests done. The mobile app was not screened. It however helped to reduce the overall fines levied on it.