R&B Tea and Chicha San Chen bubble tea brands report third party data breach

The Singapore branches of Taiwan-based bubble tea brands, R&B Tea and Chicha San Chen, are reporting data breaches in their customer relationship management (CRM) systems, which are managed by a third-party vendor. The breaches have led to the exposure of customers' personal information.

On June 23, 2024 Chicha San Chen customers received an email informing them of the breach, stating that their rewards program server, managed by a third-party vendor, was compromised. Just a day later, on June 24, 2024 R&B Tea issued an email to its customers, notifying them of the data breach affecting their CRM system, also managed by an external vendor.

Both brands claim that their vendors promptly patched the server vulnerabilities. It's not clear whether it's the same vendor, but it's quite probable. Authorities, including the Personal Data Protection Commission (PDPC), are currently investigating these incidents.

Data exposed:

• Names
• Mobile numbers
• Email addresses
• Encrypted login passwords

The number of affected individuals is not disclosed. Customers of both brands are advised to change their account passwords.