Chicha San Chen membership database hacked, says parent company

SINGAPORE - Fans of popular bubble tea chain Chicha San Chen who hold memberships are advised to change their login passwords as soon as possible, after a hacker gained access to its database.

The data accessed by the hacker includes the personal information of members, such as their names, mobile numbers, e-mail addresses and login passwords.

In an announcement filed on the Singapore Exchange after the market closed on June 19, the brand’s parent company YKGI said it had encountered a “cyber-security incident” that saw its customer relationship management system hacked.

The system is managed by an external vendor, and the hacker had gained access to one of the vendor’s shared servers, resulting in Chicha San Chen’s membership data being compromised.

YKGI added that the vendor took immediate action to fix the vulnerability after discovering the incident.

It said it has started to notify those who have had their data stolen, and will work with its vendor to strengthen its cyber security.

It also said it will do a review of the incident to ensure that the data provided to its vendor continues to be safe and secure.

A report has been filed with the Personal Data Protection Commission (PDPC), said YKGI.

In response to queries, the PDPC said it is investigating the case.

A check on threat intelligence platform FalconFeeds.io shows that the data of Chicha San Chen members was put on sale on a hacker’s forum on June 5.

The Straits Times has contacted YKGI for more details about the number of people affected.