Popular bubble tea chain Chicha San Chen breached in Singapore


Members of Chicha San Chen are advised to change their passwords as soon as possible, as hackers exposed credentials and personal information on the dark web, the Straits Times reports in Singapore.

YKGI, the parent company of a Taiwanese bubble tea chain, filed a statement with the Singapore Exchange, saying it had encountered a “cyber-security incident” in its customer relationship management system. The information exposed includes names, mobile phone numbers, email addresses, and login passwords.

YKGI is an operator of many food and beverage outlets, that include Yew Kee Duck Rice, XO Minced Meat Noodle, and other brands.

The cybersecurity incident happened when an unauthorized party accessed one of the shared servers operated by an external vendor.

According to the filing, the threat actor accessed the CHICHA San Chen membership database.

“Upon discovering the Incident, the Vendor took immediate action to patch the server vulnerability. The Company has reported the cybersecurity Incident to the Personal Data Protection Commission,” YKGI said.

The company mentioned that leaked passwords are encrypted. However, it did not specify the encryption method.

While YKGI notifies affected individuals, it also recommends that all members change their login passwords as soon as possible. The same applies to reused passwords on other platforms.

According to the Straits Times, the data of Chicha San Chen members was put on sale on a hacker’s forum on June 5.