SINGAPORE — The local branches of Taiwan-based bubble tea brands R&B Tea and Chicha San Chen have reported a data breach in their customer relationship management systems, leading to a leak of their customers’ personal information.

This includes customers’ names, mobile numbers, email addresses and encrypted login passwords. 

On Monday (June 24), R&B Tea issued an email to its customers who have a membership account with the brand, informing them of a data breach that may have compromised their personal information.

In the email, the company said that its customer relationship management system managed by an external vendor was subject to a hacking incident. 

“Upon discovering the incident, the vendor took immediate action to patch the server vulnerability. We have also reported the cybersecurity incident to the Personal Data Protection Commission (PDPC),” the email stated.

The PDPC, which is part of the Infocomm Media Development Authority, serves as Singapore’s main authority in matters relating to personal data protection.

Responding to TODAY’s queries, an R&B Tea spokesperson said that its vendor had launched a “thorough investigation” to determine the scope of the breach and had patched the server vulnerability “immediately”. 

It added that the vendor had also implemented additional security measures to prevent further unauthorised access and are monitoring their servers for further suspicious activity.

Similarly, some Chicha San Chen customers received an email from the company last Sunday (June 23) informing them that an unknown party had gained “unauthorised access” to its rewards programme server, which is also hosted by a third-party vendor.

The email stated that customers’ membership points and vouchers were not affected in the incident, and that the company does not store any credit card information.

“We are deeply committed to provide our members with a safe and transparent Chicha experience and we sincerely apologise for any inconvenience this incident may have caused,” the email read. 

“We will also continue to audit, review and enhance our security controls and processes.”

It is not known if both R&B Tea and Chicha San Chen share the same vendor. 

Both brands have recommended their customers to change their account passwords.

TODAY has reached out to Chicha San Chen for comment but has not received a response at time of publication. 

According to their websites, R&B Tea and Chicha San Chen have 14 and 30 outlets across Singapore respectively.

In response to TODAY’s queries, a spokesperson from the PDPC said that it is currently investigating the cases.