Membership database of bubble tea chain Chicha San Chen hacked

share on

twitter /
facebook /
linkedin /
- email
- telegram
- whatsapp
- wechat
- pinterest
- line
- snapchat
- reddit

Bubble tea chain Chicha San Chen is advising customers who hold memberships with it to change their passwords after a hacker gained access to its database.

In a statement posted by the brand's parent company, YKGI on Singapore Exchange on 19 June, YKGI said that the group has recently encountered a cybersecurity incident, where its customer relationship management system, which is operated by an external vendor, was subject to a hacking incident.

"An unknown party gained unauthorised access to one of the vendor’s shared servers which resulted in an unauthorised access to the Chicha San Chen membership database stored on the shared server," it said.

Upon discovering the incident, the vendor took immediate action to patch the server vulnerability, it added.

Don't miss: HK consumer watchdog requested to fix data security issues within 2 months

The company has also reported the cybersecurity incident to the Personal Data Protection Commission.

Based on the investigations and analysis conducted by the vendor, the data leaked includes the personal information of Chicha San Chen members such as member names, mobile numbers, email addresses, and encrypted login passwords.

The company has initiated the process of notifying individuals whose data has been affected and recommends all members to change their login passwords as soon as possible.

It added that it will continue to work with the vendor to strengthen its cybersecurity. Additionally, the company will be conducting a thorough review of the incident to ensure that the data entrusted to the vendor remains safe and secure.

It also said that it is committed to responding to the incident transparently and proactively and that it will provide updates as they come in as investigations are ongoing.

The news comes shortly after Live Nation Entertainment launched an investigation into the data breach that affected its Ticketmaster counterpart. The breach was discovered on 20 May, the latest in a series of high-profile corporate hacks.

In a filing with the US Securities and Exchange Commission (SEC), Live Nation stated that they have identified “unauthorised activity” within a third-party cloud database and are working with forensic investigators to pinpoint the cause.

The company also stated in the filing that on 27 May 2024, a criminal threat actor offered what it alleged to be company user data for sale via the dark web.

share on