The membership database of bubble tea chain Chicha San Chen has been hacked, its parent company, YKGI, said in an announcement on the Singapore Exchange (SGX) on Jun. 19.

The database includes the personal information of Chicha San Chen members such as their names, mobile numbers, email addresses, and encrypted login passwords.

YKGI added that it had reached out to affected individuals and recommended that all members change their passwords as soon as possible.

Membership database is operated by an external vendor

According to YKGI, the membership database is operated by an external vendor.

The hacker gained access to one of the vendor's shared servers, resulting in the membership database being compromised.

Upon discovering the incident, the vendor immediately took action to patch the server vulnerability.

YKGI has also reported the incident to the Personal Data Protection Commission.

It added that it will continue working with the vendor to improve cybersecurity, as well as conduct a review of the incident to ensure that data entrusted to the vendor remains secure.

Mothership has reached out to YKGI for more information on the matter.

Top left photo via Chicha San Chen/FB, right pic via Sora Shimazaki/Pexels