SINGAPORE: Fans of popular bubble tea chain Chicha San Chen who hold memberships are advised to change their login passwords as soon as possible, after a hacker gained access to its database.

The data accessed by the hacker includes the personal information of members, such as their names, mobile numbers, e-mail addresses and login passwords.

In an announcement filed on the Singapore Exchange after the market closed on Wednesday (June 19), the brand’s parent company YKGI said it had encountered a “cyber-security incident” that saw its customer relationship management system hacked.

The system is managed by an external vendor, and the hacker had gained access to one of the vendor’s shared servers, resulting in Chicha San Chen’s membership data being compromised.

YKGI added that the vendor had taken immediate action to fix the vulnerability after discovering the incident.

It said it has started to notify those who have had their data stolen, and will work with its vendor to strengthen its cyber security.

It also said it will do a review of the incident to ensure that the data provided to its vendor continues to be safe and secure.

A report has been filed with the Personal Data Protection Commission (PDPC), said YKGI.

A check on threat intelligence platform FalconFeeds.io shows that the data of Chicha San Chen members was put on sale on a hacker’s forum on June 5.

The Straits Times has contacted YKGI for more details about the number of people affected, as well as the PDPC. - The Straits Times/ANN